Unverified Commit 293d9743 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!5249 btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned 

Merge Pull Request from: @ci-robot 
 
PR sync from: Yifan Qiao <qiaoyifan4@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/44XTJJM4R7L6HIOWA3WGKNGR3SNTLCD5/ 
 
https://gitee.com/src-openeuler/kernel/issues/I97NHF 
 
Link:https://gitee.com/openeuler/kernel/pulls/5249

 

Reviewed-by: default avatarzhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parents 17417628 2ce20e8e

fs/btrfs/scrub.c

+22 −7
Original line number Diff line number Diff line
@@ -1099,12 +1099,22 @@ static void scrub_stripe_read_repair_worker(struct work_struct *work) 
static void scrub_read_endio(struct btrfs_bio *bbio)

{

	struct scrub_stripe *stripe = bbio->private;

	struct bio_vec *bvec;

	int sector_nr = calc_sector_number(stripe, bio_first_bvec_all(&bbio->bio));

	int num_sectors;

	u32 bio_size = 0;

	int i;



	ASSERT(sector_nr < stripe->nr_sectors);

	bio_for_each_bvec_all(bvec, &bbio->bio, i)

		bio_size += bvec->bv_len;

	num_sectors = bio_size >> stripe->bg->fs_info->sectorsize_bits;



	if (bbio->bio.bi_status) {

		bitmap_set(&stripe->io_error_bitmap, 0, stripe->nr_sectors);

		bitmap_set(&stripe->error_bitmap, 0, stripe->nr_sectors);

		bitmap_set(&stripe->io_error_bitmap, sector_nr, num_sectors);

		bitmap_set(&stripe->error_bitmap, sector_nr, num_sectors);

	} else {

		bitmap_clear(&stripe->io_error_bitmap, 0, stripe->nr_sectors);

		bitmap_clear(&stripe->io_error_bitmap, sector_nr, num_sectors);

	}

	bio_put(&bbio->bio);

	if (atomic_dec_and_test(&stripe->pending_io)) {
@@ -1640,6 +1650,9 @@ static void scrub_submit_initial_read(struct scrub_ctx *sctx, 
{

	struct btrfs_fs_info *fs_info = sctx->fs_info;

	struct btrfs_bio *bbio;

	unsigned int nr_sectors = min_t(u64, BTRFS_STRIPE_LEN, stripe->bg->start +

				      stripe->bg->length - stripe->logical) >>

				  fs_info->sectorsize_bits;

	int mirror = stripe->mirror_num;



	ASSERT(stripe->bg);
@@ -1649,14 +1662,16 @@ static void scrub_submit_initial_read(struct scrub_ctx *sctx, 
	bbio = btrfs_bio_alloc(SCRUB_STRIPE_PAGES, REQ_OP_READ, fs_info,

			       scrub_read_endio, stripe);



	/* Read the whole stripe. */

	bbio->bio.bi_iter.bi_sector = stripe->logical >> SECTOR_SHIFT;

	for (int i = 0; i < BTRFS_STRIPE_LEN >> PAGE_SHIFT; i++) {

	/* Read the whole range inside the chunk boundary. */

	for (unsigned int cur = 0; cur < nr_sectors; cur++) {

		struct page *page = scrub_stripe_get_page(stripe, cur);

		unsigned int pgoff = scrub_stripe_get_page_offset(stripe, cur);

		int ret;



		ret = bio_add_page(&bbio->bio, stripe->pages[i], PAGE_SIZE, 0);

		ret = bio_add_page(&bbio->bio, page, fs_info->sectorsize, pgoff);

		/* We should have allocated enough bio vectors. */

		ASSERT(ret == PAGE_SIZE);

		ASSERT(ret == fs_info->sectorsize);

	}

	atomic_inc(&stripe->pending_io);