[0/2] btrfs: fix logical_to_ino panic in btrfs_map_bio

Message ID cover.1685474139.git.boris@bur.io (mailing list archive)

Message

Boris Burkov May 30, 2023, 7:22 p.m. UTC
The gory details are in the second patch, but it is possible to panic the kernel by running the ioctl BTRFS_IOC_LOGICAL_INO (and V2 of that ioctl).

The TL;DR of the problem is that we do not properly handle logging a move from a push_node_left btree balancing operation in the tree mod log, so it is possible for backref walking using the tree mod log to construct an invalid extent_buffer and ultimately try to map invalid bios for block 0 which ultimately hits a null pointer error and panics.

The patch set introduces additional bookkeeping in tree mod log to WARN on this issue and also fixes the issue itself.

Boris Burkov (2):
  btrfs: warn on invalid slot in tree mod log rewind
  btrfs: insert tree mod log move in push_node_left

 fs/btrfs/ctree.c        | 19 +++++----
 fs/btrfs/tree-mod-log.c | 92 ++++++++++++++++++++++++++++++++++++-----
 2 files changed, 93 insertions(+), 18 deletions(-)