diff options
| author | Qu Wenruo <wqu@suse.com> | 2019-03-08 14:20:03 +0800 |
|---|---|---|
| committer | David Sterba <dsterba@suse.com> | 2019-04-29 19:02:32 +0200 |
| commit | ab4ba2e133463c702b37242560d7fabedd2dc750 (patch) | |
| tree | c4308266c635ddecb044ee96ccd7ca7bb453e001 /fs/btrfs/inode.c | |
| parent | 075cb3c78fe7976c9f29ca1fa23f9728634ecefc (diff) | |
| download | linux-ab4ba2e133463c702b37242560d7fabedd2dc750.tar.bz2 | |
btrfs: tree-checker: Verify dev item
[BUG]
For fuzzed image whose DEV_ITEM has invalid total_bytes as 0, then
kernel will just panic:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000098
#PF error: [normal kernel read fault]
PGD 800000022b2bd067 P4D 800000022b2bd067 PUD 22b2bc067 PMD 0
Oops: 0000 [#1] SMP PTI
CPU: 0 PID: 1106 Comm: mount Not tainted 5.0.0-rc8+ #9
RIP: 0010:btrfs_verify_dev_extents+0x2a5/0x5a0
Call Trace:
open_ctree+0x160d/0x2149
btrfs_mount_root+0x5b2/0x680
[CAUSE]
If device extent verification finds a deivce with 0 total_bytes, then it
assumes it's a seed dummy, then search for seed devices.
But in this case, there is no seed device at all, causing NULL pointer.
[FIX]
Since this is caused by fuzzed image, let's go the tree-check way, just
add a new verification for device item.
Reported-by: Yoon Jungyeon <jungyeon@gatech.edu>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202691
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'fs/btrfs/inode.c')
0 files changed, 0 insertions, 0 deletions