| Message ID | 20221103083301.626561-1-liushixin2@huawei.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp378639wru;
Thu, 3 Nov 2022 00:53:46 -0700 (PDT)
X-Google-Smtp-Source:
AMsMyM4jRPIHAf7h6vSyIrk9l+cbCbRkEEIcwikNcw4ZScSrCrtLKLYC28PvI8HV+NlsoEcjGKDI
X-Received: by 2002:a63:8942:0:b0:46e:c02e:2eb5 with SMTP id
v63-20020a638942000000b0046ec02e2eb5mr25100564pgd.141.1667462026485;
Thu, 03 Nov 2022 00:53:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1667462026; cv=none;
d=google.com; s=arc-20160816;
b=uvk3VzAufsHUdC0iZMf+r9cEMcoxp5ddNZqDPmo/1A1ANwlVrLgvLL4qGCUMwTW/pq
9IVMokKJvd8N+L0L9GsS7IFbcljbG2wngVmuN6tTnFBtx0exlgPFmZGfdk/SNKt6ml/W
9Hqey0iYrYh6q6QGkGqZKkxbz7nm6DtQZ9j5ha8bnDFIlqNsaKdO6LgcxVxSbPaxYO7P
gR4VXfEymcMFKsNtvBpLx+Pd+hB0TFqHt5cQQN/0f94sUOGMJLxk/4qv+mpj2juLgCxn
Fscj3Arno0q5TNBIA/pkAX2PoSA04i5J9hdab7m/8tPvuxY9nHdPXlUb66C5Q5oPuuu/
vmxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from;
bh=1YN4ud2Pf+TtUi2RD1PfFNMc22j6zJlDQRcVib6ygx0=;
b=leIt7T9eJcMpZXxVPn8WbhmzkpRllchwRREqSx4fFL8sIL6YKWJG8u+yeHC6Crvb4O
CT/Tx4ahUGZSDMq634iWa2vVfSP4HpJVIxyfVJ6BwSxKzByk1dgmtWQiHQ5+8K25b182
EmLKTqy5vfhZqTaKZahHr52eIUt6inXoYANpdF6M0UhLMlLHLiRkv4uW4JlrwThKcMok
xSPIaj0duFcOQaneLkNp/0fXyI1LAR5Y1WaG51q59PmJ6n4xO5A8rSoaVu6ceOfRScld
4B/R/ErrcDYuxGnVS++PFK5NjPH+4KxIWj7qBAkzVLfwxMClqkYVxDaRYUhaSAqDk+5v
xR0Q==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
p14-20020a17090b010e00b0020d9c20092fsi304663pjz.181.2022.11.03.00.53.33;
Thu, 03 Nov 2022 00:53:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S230494AbiKCHpH (ORCPT <rfc822;yves.mi.zy@gmail.com> + 99 others);
Thu, 3 Nov 2022 03:45:07 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41396 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S230233AbiKCHpG (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 3 Nov 2022 03:45:06 -0400
Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A038F2661;
Thu, 3 Nov 2022 00:45:04 -0700 (PDT)
Received: from dggpemm500021.china.huawei.com (unknown [172.30.72.53])
by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4N2wgz1CnSzJnRq;
Thu, 3 Nov 2022 15:42:07 +0800 (CST)
Received: from dggpemm100009.china.huawei.com (7.185.36.113) by
dggpemm500021.china.huawei.com (7.185.36.109) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.31; Thu, 3 Nov 2022 15:44:48 +0800
Received: from huawei.com (10.175.113.32) by dggpemm100009.china.huawei.com
(7.185.36.113) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Thu, 3 Nov
2022 15:44:48 +0800
From: Liu Shixin <liushixin2@huawei.com>
To: Chris Mason <clm@fb.com>, Josef Bacik <josef@toxicpanda.com>,
David Sterba <dsterba@suse.com>
CC: <linux-btrfs@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
Liu Shixin <liushixin2@huawei.com>
Subject: [PATCH] btrfs: fix match incorrectly in dev_args_match_device
Date: Thu, 3 Nov 2022 16:33:01 +0800
Message-ID: <20221103083301.626561-1-liushixin2@huawei.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
X-Originating-IP: [10.175.113.32]
X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To
dggpemm100009.china.huawei.com (7.185.36.113)
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1748460662143788983?=
X-GMAIL-MSGID: =?utf-8?q?1748460662143788983?=
|
| Series |
btrfs: fix match incorrectly in dev_args_match_device
|
|
Commit Message
Liu Shixin
Nov. 3, 2022, 8:33 a.m. UTC
syzkaller found an assert failed:
assertion failed: (args->devid != (u64)-1) || args->missing, in fs/btrfs/volumes.c:6921
This can be trigger when we set devid to (u64)-1) by ioctl. In this case,
the match of devid will be skipped and the match of device may be succeed
incorrectly.
Patch 562d7b1512f7 introduced this function which is used to match device.
This function contaions two matching scenarios, we can distinguish them by
checking the value of args->missing rather than check whether args->devid
and args->uuid is default value.
Reported-by: syzbot+031687116258450f9853@syzkaller.appspotmail.com
Fixes: 562d7b1512f7 ("btrfs: handle device lookup with btrfs_dev_lookup_args")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
---
fs/btrfs/volumes.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
Comments
On 3.11.22 г. 10:33 ч., Liu Shixin wrote: > syzkaller found an assert failed: > > assertion failed: (args->devid != (u64)-1) || args->missing, in fs/btrfs/volumes.c:6921 > > This can be trigger when we set devid to (u64)-1) by ioctl. In this case, > the match of devid will be skipped and the match of device may be succeed > incorrectly. > > Patch 562d7b1512f7 introduced this function which is used to match device. > This function contaions two matching scenarios, we can distinguish them by > checking the value of args->missing rather than check whether args->devid > and args->uuid is default value. > > Reported-by: syzbot+031687116258450f9853@syzkaller.appspotmail.com > Fixes: 562d7b1512f7 ("btrfs: handle device lookup with btrfs_dev_lookup_args") > Signed-off-by: Liu Shixin <liushixin2@huawei.com> Reviewed-by: Nikolay Borisov <nborisov@suse.com> > --- > fs/btrfs/volumes.c | 16 ++++++++-------- > 1 file changed, 8 insertions(+), 8 deletions(-) > > diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c > index 94ba46d57920..bf2d886cfb4b 100644 > --- a/fs/btrfs/volumes.c > +++ b/fs/btrfs/volumes.c > @@ -6918,18 +6918,18 @@ static bool dev_args_match_fs_devices(const struct btrfs_dev_lookup_args *args, > static bool dev_args_match_device(const struct btrfs_dev_lookup_args *args, > const struct btrfs_device *device) > { > - ASSERT((args->devid != (u64)-1) || args->missing); > + if (args->missing) { > + if (test_bit(BTRFS_DEV_STATE_IN_FS_METADATA, &device->dev_state) && > + !device->bdev) > + return true; > + return false; > + } > > - if ((args->devid != (u64)-1) && device->devid != args->devid) > + if (device->devid != args->devid) > return false; > if (args->uuid && memcmp(device->uuid, args->uuid, BTRFS_UUID_SIZE) != 0) > return false; > - if (!args->missing) > - return true; > - if (test_bit(BTRFS_DEV_STATE_IN_FS_METADATA, &device->dev_state) && > - !device->bdev) > - return true; > - return false; > + return true; > } > > /*
On Thu, Nov 03, 2022 at 04:33:01PM +0800, Liu Shixin wrote: > syzkaller found an assert failed: > > assertion failed: (args->devid != (u64)-1) || args->missing, in fs/btrfs/volumes.c:6921 > > This can be trigger when we set devid to (u64)-1) by ioctl. In this case, > the match of devid will be skipped and the match of device may be succeed > incorrectly. > > Patch 562d7b1512f7 introduced this function which is used to match device. > This function contaions two matching scenarios, we can distinguish them by > checking the value of args->missing rather than check whether args->devid > and args->uuid is default value. > > Reported-by: syzbot+031687116258450f9853@syzkaller.appspotmail.com > Fixes: 562d7b1512f7 ("btrfs: handle device lookup with btrfs_dev_lookup_args") > Signed-off-by: Liu Shixin <liushixin2@huawei.com> Added to misc-next, thanks.
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index 94ba46d57920..bf2d886cfb4b 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -6918,18 +6918,18 @@ static bool dev_args_match_fs_devices(const struct btrfs_dev_lookup_args *args, static bool dev_args_match_device(const struct btrfs_dev_lookup_args *args, const struct btrfs_device *device) { - ASSERT((args->devid != (u64)-1) || args->missing); + if (args->missing) { + if (test_bit(BTRFS_DEV_STATE_IN_FS_METADATA, &device->dev_state) && + !device->bdev) + return true; + return false; + } - if ((args->devid != (u64)-1) && device->devid != args->devid) + if (device->devid != args->devid) return false; if (args->uuid && memcmp(device->uuid, args->uuid, BTRFS_UUID_SIZE) != 0) return false; - if (!args->missing) - return true; - if (test_bit(BTRFS_DEV_STATE_IN_FS_METADATA, &device->dev_state) && - !device->bdev) - return true; - return false; + return true; } /*