Btrfs: check if extent buffer is aligned to sectorsize

Thanks to fuzz testing, we can pass an invalid bytenr to extent buffer via alloc_extent_buffer(). An unaligned eb can have more pages than it should have, which ends up extent buffer's leak or some corrupted content in extent buffer. This adds a warning to let us quickly know what was happening. Now that alloc_extent_buffer() no more returns NULL, this changes its caller and callers of its caller to match with the new error handling. Signed-off-by: Liu Bo <bo.li.liu@oracle.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
author: Liu Bo <bo.li.liu@oracle.com> 2016-06-06 15:01:23 -0400
committer: David Sterba <dsterba@suse.com> 2016-06-17 12:32:40 -0400
commit: c871b0f2fd27e7f9097d507f47de5270f88003b9 (patch)
tree: 76635b17aa4948c8a8af7f9da1a3a8225ac2d518 /fs
parent: 16ff4b454f1b56e8d89a9075feed0dd6ac510c3d (diff)
6 files changed, 28 insertions, 15 deletions
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 46025688f1d0..827c949fa4bc 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -2512,6 +2512,8 @@ read_block_for_search(struct btrfs_trans_handle *trans,
                if (!btrfs_buffer_uptodate(tmp, 0, 0))
                        ret = -EIO;
                free_extent_buffer(tmp);
+        } else {
+                ret = PTR_ERR(tmp);
        }
        return ret;
 }
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index 1142127f6e5e..7b5d5e8efde6 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1098,7 +1098,7 @@ void readahead_tree_block(struct btrfs_root *root, u64 bytenr)
        struct inode *btree_inode = root->fs_info->btree_inode;
        buf = btrfs_find_create_tree_block(root, bytenr);
-        if (!buf)
+        if (IS_ERR(buf))
                return;
        read_extent_buffer_pages(&BTRFS_I(btree_inode)->io_tree,
                                 buf, 0, WAIT_NONE, btree_get_extent, 0);
@@ -1114,7 +1114,7 @@ int reada_tree_block_flagged(struct btrfs_root *root, u64 bytenr,
        int ret;
        buf = btrfs_find_create_tree_block(root, bytenr);
-        if (!buf)
+        if (IS_ERR(buf))
                return 0;
        set_bit(EXTENT_BUFFER_READAHEAD, &buf->bflags);
@@ -1172,8 +1172,8 @@ struct extent_buffer *read_tree_block(struct btrfs_root *root, u64 bytenr,
        int ret;
        buf = btrfs_find_create_tree_block(root, bytenr);
-        if (!buf)
+        if (IS_ERR(buf))
-                return ERR_PTR(-ENOMEM);
+                return buf;
        ret = btree_read_extent_buffer_pages(root, buf, 0, parent_transid);
        if (ret) {
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
index 689d25ac6a68..5439e85c4813 100644
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -8016,8 +8016,9 @@ btrfs_init_new_buffer(struct btrfs_trans_handle *trans, struct btrfs_root *root,
        struct extent_buffer *buf;
        buf = btrfs_find_create_tree_block(root, bytenr);
-        if (!buf)
+        if (IS_ERR(buf))
-                return ERR_PTR(-ENOMEM);
+                return buf;
        btrfs_set_header_generation(buf, trans->transid);
        btrfs_set_buffer_lockdep_class(root->root_key.objectid, buf, level);
        btrfs_tree_lock(buf);
@@ -8659,8 +8660,9 @@ static noinline int do_walk_down(struct btrfs_trans_handle *trans,
        next = btrfs_find_tree_block(root->fs_info, bytenr);
        if (!next) {
                next = btrfs_find_create_tree_block(root, bytenr);
-                if (!next)
+                if (IS_ERR(next))
-                        return -ENOMEM;
+                        return PTR_ERR(next);
                btrfs_set_buffer_lockdep_class(root->root_key.objectid, next,
                                               level - 1);
                reada = 1;
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index a3412d68ad37..aaee3ef55ed8 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -4892,18 +4892,25 @@ struct extent_buffer *alloc_extent_buffer(struct btrfs_fs_info *fs_info,
        int uptodate = 1;
        int ret;
+        if (!IS_ALIGNED(start, fs_info->tree_root->sectorsize)) {
+                btrfs_err(fs_info, "bad tree block start %llu", start);
+                return ERR_PTR(-EINVAL);
+        }
        eb = find_extent_buffer(fs_info, start);
        if (eb)
                return eb;
        eb = __alloc_extent_buffer(fs_info, start, len);
        if (!eb)
-                return NULL;
+                return ERR_PTR(-ENOMEM);
        for (i = 0; i < num_pages; i++, index++) {
                p = find_or_create_page(mapping, index, GFP_NOFS|__GFP_NOFAIL);
-                if (!p)
+                if (!p) {
+                        exists = ERR_PTR(-ENOMEM);
                        goto free_eb;
+                }
                spin_lock(&mapping->private_lock);
                if (PagePrivate(p)) {
@@ -4948,8 +4955,10 @@ struct extent_buffer *alloc_extent_buffer(struct btrfs_fs_info *fs_info,
                set_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags);
 again:
        ret = radix_tree_preload(GFP_NOFS);
-        if (ret)
+        if (ret) {
+                exists = ERR_PTR(ret);
                goto free_eb;
+        }
        spin_lock(&fs_info->buffer_lock);
        ret = radix_tree_insert(&fs_info->buffer_radix,
diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index aa8fed11f749..8ab1dc64cbba 100644
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -2422,8 +2422,8 @@ static noinline int walk_down_log_tree(struct btrfs_trans_handle *trans,
                root_owner = btrfs_header_owner(parent);
                next = btrfs_find_create_tree_block(root, bytenr);
-                if (!next)
+                if (IS_ERR(next))
-                        return -ENOMEM;
+                        return PTR_ERR(next);
                if (*level == 1) {
                        ret = wc->process_func(root, next, wc, ptr_gen);
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index fcbda4341f7d..c3a2900c6030 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -6607,8 +6607,8 @@ int btrfs_read_sys_array(struct btrfs_root *root)
         * overallocate but we can keep it as-is, only the first page is used.
         */
        sb = btrfs_find_create_tree_block(root, BTRFS_SUPER_INFO_OFFSET);
-        if (!sb)
+        if (IS_ERR(sb))
-                return -ENOMEM;
+                return PTR_ERR(sb);
        set_extent_buffer_uptodate(sb);
        btrfs_set_buffer_lockdep_class(root->root_key.objectid, sb, 0);
        /*
author	Liu Bo <bo.li.liu@oracle.com>	2016-06-06 15:01:23 -0400
committer	David Sterba <dsterba@suse.com>	2016-06-17 12:32:40 -0400
commit	c871b0f2fd27e7f9097d507f47de5270f88003b9 (patch)
tree	76635b17aa4948c8a8af7f9da1a3a8225ac2d518 /fs
parent	16ff4b454f1b56e8d89a9075feed0dd6ac510c3d (diff)