]> git.proxmox.com Git - grub2.git/commit
projects / grub2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 23c785c) | patch
fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing
authorDarren Kenny <darren.kenny@oracle.com>
Tue, 29 Mar 2022 15:52:46 +0000 (15:52 +0000)
committerJulian Andres Klode <julian.klode@canonical.com>
Wed, 8 Jun 2022 10:41:03 +0000 (12:41 +0200)
commit22976cf1b9864455173e1bfc617bc63f13fbecf7
tree02fefbbb0794cb4534e4fe4eb1a3510d35e8620etree
parent23c785c3e965731ac440f9c150fdfeec6dd433e7commit | diff
fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing

The fuzzer is generating btrfs file systems that have chunks with
invalid combinations of stripes and substripes for the given RAID
configurations.

After examining the Linux kernel fs/btrfs/tree-checker.c code, it
appears that sub-stripes should only be applied to RAID10, and in that
case there should only ever be 2 of them.

Similarly, RAID single should only have 1 stripe, and RAID1/1C3/1C4
should have 2. 3 or 4 stripes respectively, which is what redundancy
corresponds.

Some of the chunks ended up with a size of 0, which grub_malloc() still
returned memory for and in turn generated ASAN errors later when
accessed.

While it would be possible to specifically limit the number of stripes,
a more correct test was on the combination of the chunk item, and the
number of stripes by the size of the chunk stripe structure in
comparison to the size of the chunk itself.

Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub-core/fs/btrfs.c diff | blob | blame | history
The GNU GRand Unified Bootloader for Proxmox projects