On 2019/4/8 下午12:27, Qu Wenruo wrote:
> Under the following call traces, btrfs can commit device with 0
> total_bytes onto disk:
> btrfs_rm_device()
> |- btrfs_shrink_device()
> | |- btrfs_device_set_total_bytes(device, 0)
> | |- btrfs_update_device()
> | |- btrfs_commit_transaction() #1
> |- btrfs_rm_dev_item()
>
> This will trigger write time tree checker warning.
> And further more, this can create valid btrfs with device->total_bytes
> == 0 and triggering read time tree-checker if power loss happens after
> above transaction #1 but before next transaction.
>
> So this dev item check is too restrict.
>
> Please fold this patch into commit 87d87c6dcbbe ("btrfs: tree-checker:
> Verify dev item") in misc-next branch.
>
> The fuzzed image can be already addressed by commit 1b3922a8bc74
> ("btrfs: Use real device structure to verify dev extent") thus we don't
> need that strict check anymore.
Just a kind reminder, folding the patch will be much easier than my
original purpose to discard that patch completely.
Discarding causes at least 4 conflicts, and will be a pain in the ass.
Thanks,
Qu
>
> Signed-off-by: Qu Wenruo <wqu@xxxxxxxx>
> ---
> fs/btrfs/tree-checker.c | 13 ++++---------
> 1 file changed, 4 insertions(+), 9 deletions(-)
>
> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
> index d2c3c1f8870d..974208ac56da 100644
> --- a/fs/btrfs/tree-checker.c
> +++ b/fs/btrfs/tree-checker.c
> @@ -657,16 +657,11 @@ static int check_dev_item(struct extent_buffer *leaf,
> }
>
> /*
> - * Since btrfs device add doesn't check device size at all, we could
> - * have device item whose size is smaller than 1M which is useless, but
> - * still valid.
> - * So here we can only check the obviously wrong case.
> + * For device total_bytes, we don't have solid way to check it, as it can
> + * be 0 for device removal.
> + * device size check can only be done by dev extents check.
> */
> - if (btrfs_device_total_bytes(leaf, ditem) == 0) {
> - dev_item_err(leaf, slot,
> - "invalid total bytes: have 0");
> - return -EUCLEAN;
> - }
> +
> if (btrfs_device_bytes_used(leaf, ditem) >
> btrfs_device_total_bytes(leaf, ditem)) {
> dev_item_err(leaf, slot,
>
Attachment:
signature.asc
Description: OpenPGP digital signature
