Unverified Commit 811cee84 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!12438 CVE-2024-35949 

Merge Pull Request from: @ci-robot 
 
PR sync from: Yongqiang Liu <liuyongqiang13@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/D5LYTRRRKFYAFCWWCAVDAHKEFF4U6ASG/ 
Josef Bacik (1):
  btrfs: make sure that WRITTEN is set on all metadata blocks


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/I9QRGT 
 
Link:https://gitee.com/openeuler/kernel/pulls/12438

 

Reviewed-by: default avatarWeilong Chen <chenweilong@huawei.com>
Signed-off-by: default avatarZhang Peng <zhangpeng362@huawei.com>
parents 1bc2f1c8 2f5a0690

fs/btrfs/tree-checker.c

+15 −15
Original line number Diff line number Diff line
@@ -1864,6 +1864,11 @@ enum btrfs_tree_block_status __btrfs_check_leaf(struct extent_buffer *leaf) 
		return BTRFS_TREE_BLOCK_INVALID_LEVEL;

	}



	if (unlikely(!btrfs_header_flag(leaf, BTRFS_HEADER_FLAG_WRITTEN))) {

		generic_err(leaf, 0, "invalid flag for leaf, WRITTEN not set");

		return BTRFS_TREE_BLOCK_WRITTEN_NOT_SET;

	}



	/*

	 * Extent buffers from a relocation tree have a owner field that

	 * corresponds to the subvolume tree they are based on. So just from an
@@ -1925,6 +1930,7 @@ enum btrfs_tree_block_status __btrfs_check_leaf(struct extent_buffer *leaf) 
	for (slot = 0; slot < nritems; slot++) {

		u32 item_end_expected;

		u64 item_data_end;

		enum btrfs_tree_block_status ret;



		btrfs_item_key_to_cpu(leaf, &key, slot);
@@ -1980,21 +1986,10 @@ enum btrfs_tree_block_status __btrfs_check_leaf(struct extent_buffer *leaf) 
			return BTRFS_TREE_BLOCK_INVALID_OFFSETS;

		}



		/*

		 * We only want to do this if WRITTEN is set, otherwise the leaf

		 * may be in some intermediate state and won't appear valid.

		 */

		if (btrfs_header_flag(leaf, BTRFS_HEADER_FLAG_WRITTEN)) {

			enum btrfs_tree_block_status ret;



			/*

			 * Check if the item size and content meet other

			 * criteria

			 */

		/* Check if the item size and content meet other criteria. */

		ret = check_leaf_item(leaf, &key, slot, &prev_key);

		if (unlikely(ret != BTRFS_TREE_BLOCK_CLEAN))

			return ret;

		}



		prev_key.objectid = key.objectid;

		prev_key.type = key.type;
@@ -2024,6 +2019,11 @@ enum btrfs_tree_block_status __btrfs_check_node(struct extent_buffer *node) 
	int level = btrfs_header_level(node);

	u64 bytenr;



	if (unlikely(!btrfs_header_flag(node, BTRFS_HEADER_FLAG_WRITTEN))) {

		generic_err(node, 0, "invalid flag for node, WRITTEN not set");

		return BTRFS_TREE_BLOCK_WRITTEN_NOT_SET;

	}



	if (unlikely(level <= 0 || level >= BTRFS_MAX_LEVEL)) {

		generic_err(node, 0,

			"invalid level for node, have %d expect [1, %d]",

fs/btrfs/tree-checker.h

+1 −0
Original line number Diff line number Diff line
@@ -51,6 +51,7 @@ enum btrfs_tree_block_status { 
	BTRFS_TREE_BLOCK_INVALID_BLOCKPTR,

	BTRFS_TREE_BLOCK_INVALID_ITEM,

	BTRFS_TREE_BLOCK_INVALID_OWNER,

	BTRFS_TREE_BLOCK_WRITTEN_NOT_SET,

};



/*