Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 20b30415513621106d1a39202ed63cceb73ba18a / . / fs / btrfs / tree-checker.c
blob: dfba9f6b79a26d7503f91386761e923d799fe896 [file] [log] [blame]
Qu Wenruo90eb4c02017-10-09 01:51:02 +0000[diff] [blame]1/*
2 * Copyright (C) Qu Wenruo 2017. All rights reserved.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public
6 * License v2 as published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public
14 * License along with this program.
15 */
16
17/*
18 * The module is used to catch unexpected/corrupted tree block data.
19 * Such behavior can be caused either by a fuzzed image or bugs.
20 *
21 * The objective is to do leaf/node validation checks when tree block is read
22 * from disk, and check *every* possible member, so other code won't
23 * need to checking them again.
24 *
25 * Due to the potential and unwanted damage, every checker needs to be
26 * carefully reviewed otherwise so it does not prevent mount of valid images.
27 */
28
29#include "ctree.h"
30#include "tree-checker.h"
31#include "disk-io.h"
32#include "compression.h"
33
34#define CORRUPT(reason, eb, root, slot) \
35 btrfs_crit(root->fs_info, \
36 "corrupt %s, %s: block=%llu, root=%llu, slot=%d", \
37 btrfs_header_level(eb) == 0 ? "leaf" : "node", \
38 reason, btrfs_header_bytenr(eb), root->objectid, slot)
39
40static int check_extent_data_item(struct btrfs_root *root,
41 struct extent_buffer *leaf,
42 struct btrfs_key *key, int slot)
43{
44 struct btrfs_file_extent_item *fi;
45 u32 sectorsize = root->sectorsize;
46 u32 item_size = btrfs_item_size_nr(leaf, slot);
47
48 if (!IS_ALIGNED(key->offset, sectorsize)) {
49 CORRUPT("unaligned key offset for file extent",
50 leaf, root, slot);
51 return -EUCLEAN;
52 }
53
54 fi = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item);
55
56 if (btrfs_file_extent_type(leaf, fi) > BTRFS_FILE_EXTENT_TYPES) {
57 CORRUPT("invalid file extent type", leaf, root, slot);
58 return -EUCLEAN;
59 }
60
61 /*
62 * Support for new compression/encrption must introduce incompat flag,
63 * and must be caught in open_ctree().
64 */
65 if (btrfs_file_extent_compression(leaf, fi) > BTRFS_COMPRESS_TYPES) {
66 CORRUPT("invalid file extent compression", leaf, root, slot);
67 return -EUCLEAN;
68 }
69 if (btrfs_file_extent_encryption(leaf, fi)) {
70 CORRUPT("invalid file extent encryption", leaf, root, slot);
71 return -EUCLEAN;
72 }
73 if (btrfs_file_extent_type(leaf, fi) == BTRFS_FILE_EXTENT_INLINE) {
74 /* Inline extent must have 0 as key offset */
75 if (key->offset) {
76 CORRUPT("inline extent has non-zero key offset",
77 leaf, root, slot);
78 return -EUCLEAN;
79 }
80
81 /* Compressed inline extent has no on-disk size, skip it */
82 if (btrfs_file_extent_compression(leaf, fi) !=
83 BTRFS_COMPRESS_NONE)
84 return 0;
85
86 /* Uncompressed inline extent size must match item size */
87 if (item_size != BTRFS_FILE_EXTENT_INLINE_DATA_START +
88 btrfs_file_extent_ram_bytes(leaf, fi)) {
89 CORRUPT("plaintext inline extent has invalid size",
90 leaf, root, slot);
91 return -EUCLEAN;
92 }
93 return 0;
94 }
95
96 /* Regular or preallocated extent has fixed item size */
97 if (item_size != sizeof(*fi)) {
98 CORRUPT(
99 "regluar or preallocated extent data item size is invalid",
100 leaf, root, slot);
101 return -EUCLEAN;
102 }
103 if (!IS_ALIGNED(btrfs_file_extent_ram_bytes(leaf, fi), sectorsize) ||
104 !IS_ALIGNED(btrfs_file_extent_disk_bytenr(leaf, fi), sectorsize) ||
105 !IS_ALIGNED(btrfs_file_extent_disk_num_bytes(leaf, fi), sectorsize) ||
106 !IS_ALIGNED(btrfs_file_extent_offset(leaf, fi), sectorsize) ||
107 !IS_ALIGNED(btrfs_file_extent_num_bytes(leaf, fi), sectorsize)) {
108 CORRUPT(
109 "regular or preallocated extent data item has unaligned value",
110 leaf, root, slot);
111 return -EUCLEAN;
112 }
113
114 return 0;
115}
116
117static int check_csum_item(struct btrfs_root *root, struct extent_buffer *leaf,
118 struct btrfs_key *key, int slot)
119{
120 u32 sectorsize = root->sectorsize;
121 u32 csumsize = btrfs_super_csum_size(root->fs_info->super_copy);
122
123 if (key->objectid != BTRFS_EXTENT_CSUM_OBJECTID) {
124 CORRUPT("invalid objectid for csum item", leaf, root, slot);
125 return -EUCLEAN;
126 }
127 if (!IS_ALIGNED(key->offset, sectorsize)) {
128 CORRUPT("unaligned key offset for csum item", leaf, root, slot);
129 return -EUCLEAN;
130 }
131 if (!IS_ALIGNED(btrfs_item_size_nr(leaf, slot), csumsize)) {
132 CORRUPT("unaligned csum item size", leaf, root, slot);
133 return -EUCLEAN;
134 }
135 return 0;
136}
137
138/*
139 * Common point to switch the item-specific validation.
140 */
141static int check_leaf_item(struct btrfs_root *root,
142 struct extent_buffer *leaf,
143 struct btrfs_key *key, int slot)
144{
145 int ret = 0;
146
147 switch (key->type) {
148 case BTRFS_EXTENT_DATA_KEY:
149 ret = check_extent_data_item(root, leaf, key, slot);
150 break;
151 case BTRFS_EXTENT_CSUM_KEY:
152 ret = check_csum_item(root, leaf, key, slot);
153 break;
154 }
155 return ret;
156}
157
158int btrfs_check_leaf(struct btrfs_root *root, struct extent_buffer *leaf)
159{
160 struct btrfs_fs_info *fs_info = root->fs_info;
161 /* No valid key type is 0, so all key should be larger than this key */
162 struct btrfs_key prev_key = {0, 0, 0};
163 struct btrfs_key key;
164 u32 nritems = btrfs_header_nritems(leaf);
165 int slot;
166
167 /*
168 * Extent buffers from a relocation tree have a owner field that
169 * corresponds to the subvolume tree they are based on. So just from an
170 * extent buffer alone we can not find out what is the id of the
171 * corresponding subvolume tree, so we can not figure out if the extent
172 * buffer corresponds to the root of the relocation tree or not. So
173 * skip this check for relocation trees.
174 */
175 if (nritems == 0 && !btrfs_header_flag(leaf, BTRFS_HEADER_FLAG_RELOC)) {
176 struct btrfs_root *check_root;
177
178 key.objectid = btrfs_header_owner(leaf);
179 key.type = BTRFS_ROOT_ITEM_KEY;
180 key.offset = (u64)-1;
181
182 check_root = btrfs_get_fs_root(fs_info, &key, false);
183 /*
184 * The only reason we also check NULL here is that during
185 * open_ctree() some roots has not yet been set up.
186 */
187 if (!IS_ERR_OR_NULL(check_root)) {
188 struct extent_buffer *eb;
189
190 eb = btrfs_root_node(check_root);
191 /* if leaf is the root, then it's fine */
192 if (leaf != eb) {
193 CORRUPT("non-root leaf's nritems is 0",
194 leaf, check_root, 0);
195 free_extent_buffer(eb);
196 return -EUCLEAN;
197 }
198 free_extent_buffer(eb);
199 }
200 return 0;
201 }
202
203 if (nritems == 0)
204 return 0;
205
206 /*
207 * Check the following things to make sure this is a good leaf, and
208 * leaf users won't need to bother with similar sanity checks:
209 *
210 * 1) key ordering
211 * 2) item offset and size
212 * No overlap, no hole, all inside the leaf.
213 * 3) item content
214 * If possible, do comprehensive sanity check.
215 * NOTE: All checks must only rely on the item data itself.
216 */
217 for (slot = 0; slot < nritems; slot++) {
218 u32 item_end_expected;
219 int ret;
220
221 btrfs_item_key_to_cpu(leaf, &key, slot);
222
223 /* Make sure the keys are in the right order */
224 if (btrfs_comp_cpu_keys(&prev_key, &key) >= 0) {
225 CORRUPT("bad key order", leaf, root, slot);
226 return -EUCLEAN;
227 }
228
229 /*
230 * Make sure the offset and ends are right, remember that the
231 * item data starts at the end of the leaf and grows towards the
232 * front.
233 */
234 if (slot == 0)
235 item_end_expected = BTRFS_LEAF_DATA_SIZE(root);
236 else
237 item_end_expected = btrfs_item_offset_nr(leaf,
238 slot - 1);
239 if (btrfs_item_end_nr(leaf, slot) != item_end_expected) {
240 CORRUPT("slot offset bad", leaf, root, slot);
241 return -EUCLEAN;
242 }
243
244 /*
245 * Check to make sure that we don't point outside of the leaf,
246 * just in case all the items are consistent to each other, but
247 * all point outside of the leaf.
248 */
249 if (btrfs_item_end_nr(leaf, slot) >
250 BTRFS_LEAF_DATA_SIZE(root)) {
251 CORRUPT("slot end outside of leaf", leaf, root, slot);
252 return -EUCLEAN;
253 }
254
255 /* Also check if the item pointer overlaps with btrfs item. */
256 if (btrfs_item_nr_offset(slot) + sizeof(struct btrfs_item) >
257 btrfs_item_ptr_offset(leaf, slot)) {
258 CORRUPT("slot overlap with its data", leaf, root, slot);
259 return -EUCLEAN;
260 }
261
262 /* Check if the item size and content meet other criteria */
263 ret = check_leaf_item(root, leaf, &key, slot);
264 if (ret < 0)
265 return ret;
266
267 prev_key.objectid = key.objectid;
268 prev_key.type = key.type;
269 prev_key.offset = key.offset;
270 }
271
272 return 0;
273}
274
275int btrfs_check_node(struct btrfs_root *root, struct extent_buffer *node)
276{
277 unsigned long nr = btrfs_header_nritems(node);
278 struct btrfs_key key, next_key;
279 int slot;
280 u64 bytenr;
281 int ret = 0;
282
283 if (nr == 0 || nr > BTRFS_NODEPTRS_PER_BLOCK(root)) {
284 btrfs_crit(root->fs_info,
285 "corrupt node: block %llu root %llu nritems %lu",
286 node->start, root->objectid, nr);
287 return -EIO;
288 }
289
290 for (slot = 0; slot < nr - 1; slot++) {
291 bytenr = btrfs_node_blockptr(node, slot);
292 btrfs_node_key_to_cpu(node, &key, slot);
293 btrfs_node_key_to_cpu(node, &next_key, slot + 1);
294
295 if (!bytenr) {
296 CORRUPT("invalid item slot", node, root, slot);
297 ret = -EIO;
298 goto out;
299 }
300
301 if (btrfs_comp_cpu_keys(&key, &next_key) >= 0) {
302 CORRUPT("bad key order", node, root, slot);
303 ret = -EIO;
304 goto out;
305 }
306 }
307out:
308 return ret;
309}