Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/fs/btrfs
History
Qu Wenruo 8b2aa52cea btrfs: tree-checker: reject inline extent items with 0 ref count 
commit dfb92681a19e1d5172420baa242806414b3eff6f upstream.

[BUG]
There is a bug report in the mailing list where btrfs_run_delayed_refs()
failed to drop the ref count for logical 25870311358464 num_bytes
2113536.

The involved leaf dump looks like this:

  item 166 key (25870311358464 168 2113536) itemoff 10091 itemsize 50
    extent refs 1 gen 84178 flags 1
    ref#0: shared data backref parent 32399126528000 count 0 <<<
    ref#1: shared data backref parent 31808973717504 count 1

Notice the count number is 0.

[CAUSE]
There is no concrete evidence yet, but considering 0 -> 1 is also a
single bit flipped, it's possible that hardware memory bitflip is
involved, causing the on-disk extent tree to be corrupted.

[FIX]
To prevent us reading such corrupted extent item, or writing such
damaged extent item back to disk, enhance the handling of
BTRFS_EXTENT_DATA_REF_KEY and BTRFS_SHARED_DATA_REF_KEY keys for both
inlined and key items, to detect such 0 ref count and reject them.

CC: stable@vger.kernel.org # 5.4+
Link: https://lore.kernel.org/linux-btrfs/7c69dd49-c346-4806-86e7-e6f863a66f48@app.fastmail.com/
Reported-by: Frankie Fisher <frankie@terrorise.me.uk>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-01-15 16:29:45 +01:00
..
tests Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acl.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
async-thread.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
async-thread.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
backref.c btrfs: fix information leak in btrfs_ioctl_logical_to_ino() 2024-11-19 11:32:38 +01:00
backref.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
block-group.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
block-group.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
block-rsv.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
block-rsv.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
btrfs_inode.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
check-integrity.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
check-integrity.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
compression.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
compression.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ctree.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ctree.h btrfs: unify lookup return value when dir entry is missing 2024-11-18 22:25:36 +01:00
delalloc-space.c btrfs: don't arbitrarily slow down delalloc if we're committing 2024-11-18 11:43:24 +01:00
delalloc-space.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
delayed-inode.c btrfs: change BUG_ON to assertion when checking for delayed_node root 2024-11-23 23:20:46 +01:00
delayed-inode.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
delayed-ref.c btrfs: reinitialize delayed ref list after deleting it from the list 2024-11-30 02:33:25 +01:00
delayed-ref.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dev-replace.c btrfs: dev-replace: properly validate device names 2024-11-18 23:18:29 +01:00
dev-replace.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dir-item.c btrfs: unify lookup return value when dir entry is missing 2024-11-18 22:25:36 +01:00
discard.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
discard.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
disk-io.c Revert "btrfs: wait for fixup workers before stopping cleaner kthread during umount" 2024-11-24 00:23:01 +01:00
disk-io.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
export.c btrfs: export: handle invalid inode or root reference in btrfs_get_parent() 2024-11-19 09:23:13 +01:00
export.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
extent-io-tree.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
extent-tree.c btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() 2024-12-17 13:24:25 +01:00
extent_io.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
extent_io.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
extent_map.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
extent_map.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
file-item.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
file.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
free-space-cache.c btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() 2024-11-23 23:20:43 +01:00
free-space-cache.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
free-space-tree.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
free-space-tree.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
inode-item.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
inode-map.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
inode-map.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
inode.c btrfs: fix missing snapshot drew unlock when root is dead during swap activation 2024-12-17 13:24:33 +01:00
ioctl.c btrfs: fix use-after-free after failure to create a snapshot 2024-11-23 23:21:01 +01:00
Kconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
locking.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
locking.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
lzo.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
misc.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ordered-data.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ordered-data.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
orphan.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
print-tree.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
print-tree.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
props.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
props.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
qgroup.c btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() 2024-11-23 23:20:46 +01:00
qgroup.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
raid56.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
raid56.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
rcu-string.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
reada.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ref-verify.c btrfs: ref-verify: fix use-after-free after invalid ref action 2024-12-17 13:24:23 +01:00
ref-verify.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
reflink.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
reflink.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
relocation.c Revert "btrfs: fix a NULL pointer dereference when failed to start a new trasacntion" 2024-11-24 00:23:01 +01:00
root-tree.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
scrub.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
send.c btrfs: send: handle unexpected data in header buffer in begin_cmd() 2024-11-23 23:20:46 +01:00
send.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
space-info.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
space-info.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
struct-funcs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
super.c Revert "btrfs: add dmesg output for first mount and last unmount of a filesystem" 2024-11-18 12:11:47 +01:00
sysfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sysfs.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
transaction.c btrfs: fix use-after-free after failure to create a snapshot 2024-11-23 23:21:01 +01:00
transaction.h btrfs: fix use-after-free after failure to create a snapshot 2024-11-23 23:21:01 +01:00
tree-checker.c btrfs: tree-checker: reject inline extent items with 0 ref count 2025-01-15 16:29:45 +01:00
tree-checker.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tree-defrag.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tree-log.c btrfs: unify lookup return value when dir entry is missing 2024-11-18 22:25:36 +01:00
tree-log.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ulist.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ulist.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uuid-tree.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
volumes.c btrfs: avoid unnecessary device path update for the same device 2024-12-17 13:24:29 +01:00
volumes.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xattr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xattr.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
zlib.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
zstd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00