| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50a3b32c-137b-4781-9e56-91f74c44eb66@gmx.com>
Date: Wed, 18 Sep 2024 20:05:05 +0930
From: Qu Wenruo <quwenruo.btrfs@....com>
To: Lizhi Xu <lizhi.xu@...driver.com>,
syzbot+56360f93efa90ff15870@...kaller.appspotmail.com
Cc: clm@...com, dsterba@...e.com, josef@...icpanda.com,
linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [btrfs?] general protection fault in write_all_supers
在 2024/9/14 16:11, Lizhi Xu 写道:
> if we have IGNOREDATACSUMS then don't need to backup csum root
>
> #syz test
>
> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
> index a6f5441e62d1..415ad3b07032 100644
> --- a/fs/btrfs/disk-io.c
> +++ b/fs/btrfs/disk-io.c
> @@ -1679,7 +1679,6 @@ static void backup_super_roots(struct btrfs_fs_info *info)
>
> if (!btrfs_fs_compat_ro(info, BLOCK_GROUP_TREE)) {
> struct btrfs_root *extent_root = btrfs_extent_root(info, 0);
> - struct btrfs_root *csum_root = btrfs_csum_root(info, 0);
>
> btrfs_set_backup_extent_root(root_backup,
> extent_root->node->start);
> @@ -1688,11 +1687,15 @@ static void backup_super_roots(struct btrfs_fs_info *info)
> btrfs_set_backup_extent_root_level(root_backup,
> btrfs_header_level(extent_root->node));
>
> - btrfs_set_backup_csum_root(root_backup, csum_root->node->start);
> - btrfs_set_backup_csum_root_gen(root_backup,
> - btrfs_header_generation(csum_root->node));
> - btrfs_set_backup_csum_root_level(root_backup,
> - btrfs_header_level(csum_root->node));
> + if (!btrfs_test_opt(info, IGNOREDATACSUMS)) {
This doesn't looks sane to me.
IGNOREDATACSUMS is only set with rescue=idatacsums mount option, which
relies the fs to be fully RO (not any writeback, including any log
replay), and it's not allowed to be remounted RW.
If we're hitting a missing csum root, and IGNOREDATACSUMS is applied
here, I'm wondering why we're even writing a super block.
This looks like a deeper problem, not just a NULL pointer dereference,
but some logic problem.
Thanks,
Qu
> + struct btrfs_root *csum_root = btrfs_csum_root(info, 0);
> +
> + btrfs_set_backup_csum_root(root_backup, csum_root->node->start);
> + btrfs_set_backup_csum_root_gen(root_backup,
> + btrfs_header_generation(csum_root->node));
> + btrfs_set_backup_csum_root_level(root_backup,
> + btrfs_header_level(csum_root->node));
> + }
> }
>
> /*
>
Powered by blists - more mailing lists