Commit 43bbd4f6 authored Sep 24, 2024 by Filipe Manana Committed by Yifan Qiao Sep 24, 2024

btrfs: replace BUG_ON() with error handling at update_ref_for_cow()

stable inclusion
from stable-v6.6.51
commit 41a0f85e268d72fe04f731b8ceea4748c2d65491
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IARX1T
CVE: CVE-2024-46752

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=41a0f85e268d72fe04f731b8ceea4748c2d65491



--------------------------------

[ Upstream commit b56329a782314fde5b61058e2a25097af7ccb675 ]

Instead of a BUG_ON() just return an error, log an error message and
abort the transaction in case we find an extent buffer belonging to the
relocation tree that doesn't have the full backref flag set. This is
unexpected and should never happen (save for bugs or a potential bad
memory).

Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Conflict:
	fs/btrfs/ctree.c
[No btrfs_root_id yet.]
Signed-off-by: Yifan Qiao <qiaoyifan4@huawei.com>

parent 6f4a2726

fs/btrfs/ctree.c

+10 −2

Original line number	Diff line number	Diff line
		@@ -896,8 +896,16 @@ static noinline int update_ref_for_cow(struct btrfs_trans_handle *trans,
		}

		owner = btrfs_header_owner(buf);
		BUG_ON(owner == BTRFS_TREE_RELOC_OBJECTID &&
		!(flags & BTRFS_BLOCK_FLAG_FULL_BACKREF));
		if (unlikely(owner == BTRFS_TREE_RELOC_OBJECTID &&
		!(flags & BTRFS_BLOCK_FLAG_FULL_BACKREF))) {
		btrfs_crit(fs_info,
		"found tree block at bytenr %llu level %d root %llu refs %llu flags %llx without full backref flag set",
		buf->start, btrfs_header_level(buf),
		root->root_key.objectid, refs, flags);
		ret = -EUCLEAN;
		btrfs_abort_transaction(trans, ret);
		return ret;
		}

		if (refs > 1) {
		if ((owner == root->root_key.objectid \|\|