Alexander Miroshnichenko
ad7c6fc00a
bcachefs patches synced to ca2e7a3de895c703d2cbbd9b63c10d8adfba8228 from master branch Signed-off-by: Alexander Miroshnichenko <alex@millerson.name>
260 lines
8.4 KiB
Diff
260 lines
8.4 KiB
Diff
From ec3ca7c9e05b1253ccce6a20ca1269750a71bd2a Mon Sep 17 00:00:00 2001
|
|
From: Kent Overstreet <kent.overstreet@linux.dev>
|
|
Date: Mon, 25 Nov 2024 02:05:02 -0500
|
|
Subject: [PATCH 125/233] bcachefs: Don't try to en/decrypt when encryption not
|
|
available
|
|
Content-Type: text/plain; charset="utf-8"
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
If a btree node says it's encrypted, but the superblock never had an
|
|
encryptino key - whoops, that needs to be handled.
|
|
|
|
Reported-by: syzbot+026f1857b12f5eb3f9e9@syzkaller.appspotmail.com
|
|
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
Signed-off-by: Alexander Miroshnichenko <alex@millerson.name>
|
|
---
|
|
fs/bcachefs/btree_io.c | 117 +++++++++++++++++-----------------
|
|
fs/bcachefs/btree_node_scan.c | 3 +
|
|
fs/bcachefs/checksum.c | 10 ++-
|
|
fs/bcachefs/errcode.h | 1 +
|
|
fs/bcachefs/io_read.c | 14 +++-
|
|
5 files changed, 84 insertions(+), 61 deletions(-)
|
|
|
|
diff --git a/fs/bcachefs/btree_io.c b/fs/bcachefs/btree_io.c
|
|
index 2b5da566fbac..3bb6db9bd4a4 100644
|
|
--- a/fs/bcachefs/btree_io.c
|
|
+++ b/fs/bcachefs/btree_io.c
|
|
@@ -1045,39 +1045,51 @@ int bch2_btree_node_read_done(struct bch_fs *c, struct bch_dev *ca,
|
|
|
|
while (b->written < (ptr_written ?: btree_sectors(c))) {
|
|
unsigned sectors;
|
|
- struct nonce nonce;
|
|
bool first = !b->written;
|
|
- bool csum_bad;
|
|
|
|
- if (!b->written) {
|
|
+ if (first) {
|
|
+ bne = NULL;
|
|
i = &b->data->keys;
|
|
+ } else {
|
|
+ bne = write_block(b);
|
|
+ i = &bne->keys;
|
|
|
|
- btree_err_on(!bch2_checksum_type_valid(c, BSET_CSUM_TYPE(i)),
|
|
- -BCH_ERR_btree_node_read_err_want_retry,
|
|
- c, ca, b, i, NULL,
|
|
- bset_unknown_csum,
|
|
- "unknown checksum type %llu", BSET_CSUM_TYPE(i));
|
|
-
|
|
- nonce = btree_nonce(i, b->written << 9);
|
|
+ if (i->seq != b->data->keys.seq)
|
|
+ break;
|
|
+ }
|
|
|
|
- struct bch_csum csum = csum_vstruct(c, BSET_CSUM_TYPE(i), nonce, b->data);
|
|
- csum_bad = bch2_crc_cmp(b->data->csum, csum);
|
|
- if (csum_bad)
|
|
- bch2_io_error(ca, BCH_MEMBER_ERROR_checksum);
|
|
+ struct nonce nonce = btree_nonce(i, b->written << 9);
|
|
+ bool good_csum_type = bch2_checksum_type_valid(c, BSET_CSUM_TYPE(i));
|
|
|
|
- btree_err_on(csum_bad,
|
|
- -BCH_ERR_btree_node_read_err_want_retry,
|
|
- c, ca, b, i, NULL,
|
|
- bset_bad_csum,
|
|
- "%s",
|
|
- (printbuf_reset(&buf),
|
|
- bch2_csum_err_msg(&buf, BSET_CSUM_TYPE(i), b->data->csum, csum),
|
|
- buf.buf));
|
|
-
|
|
- ret = bset_encrypt(c, i, b->written << 9);
|
|
- if (bch2_fs_fatal_err_on(ret, c,
|
|
- "decrypting btree node: %s", bch2_err_str(ret)))
|
|
- goto fsck_err;
|
|
+ btree_err_on(!good_csum_type,
|
|
+ bch2_csum_type_is_encryption(BSET_CSUM_TYPE(i))
|
|
+ ? -BCH_ERR_btree_node_read_err_must_retry
|
|
+ : -BCH_ERR_btree_node_read_err_want_retry,
|
|
+ c, ca, b, i, NULL,
|
|
+ bset_unknown_csum,
|
|
+ "unknown checksum type %llu", BSET_CSUM_TYPE(i));
|
|
+
|
|
+ if (first) {
|
|
+ if (good_csum_type) {
|
|
+ struct bch_csum csum = csum_vstruct(c, BSET_CSUM_TYPE(i), nonce, b->data);
|
|
+ bool csum_bad = bch2_crc_cmp(b->data->csum, csum);
|
|
+ if (csum_bad)
|
|
+ bch2_io_error(ca, BCH_MEMBER_ERROR_checksum);
|
|
+
|
|
+ btree_err_on(csum_bad,
|
|
+ -BCH_ERR_btree_node_read_err_want_retry,
|
|
+ c, ca, b, i, NULL,
|
|
+ bset_bad_csum,
|
|
+ "%s",
|
|
+ (printbuf_reset(&buf),
|
|
+ bch2_csum_err_msg(&buf, BSET_CSUM_TYPE(i), b->data->csum, csum),
|
|
+ buf.buf));
|
|
+
|
|
+ ret = bset_encrypt(c, i, b->written << 9);
|
|
+ if (bch2_fs_fatal_err_on(ret, c,
|
|
+ "decrypting btree node: %s", bch2_err_str(ret)))
|
|
+ goto fsck_err;
|
|
+ }
|
|
|
|
btree_err_on(btree_node_type_is_extents(btree_node_type(b)) &&
|
|
!BTREE_NODE_NEW_EXTENT_OVERWRITE(b->data),
|
|
@@ -1088,37 +1100,26 @@ int bch2_btree_node_read_done(struct bch_fs *c, struct bch_dev *ca,
|
|
|
|
sectors = vstruct_sectors(b->data, c->block_bits);
|
|
} else {
|
|
- bne = write_block(b);
|
|
- i = &bne->keys;
|
|
-
|
|
- if (i->seq != b->data->keys.seq)
|
|
- break;
|
|
-
|
|
- btree_err_on(!bch2_checksum_type_valid(c, BSET_CSUM_TYPE(i)),
|
|
- -BCH_ERR_btree_node_read_err_want_retry,
|
|
- c, ca, b, i, NULL,
|
|
- bset_unknown_csum,
|
|
- "unknown checksum type %llu", BSET_CSUM_TYPE(i));
|
|
-
|
|
- nonce = btree_nonce(i, b->written << 9);
|
|
- struct bch_csum csum = csum_vstruct(c, BSET_CSUM_TYPE(i), nonce, bne);
|
|
- csum_bad = bch2_crc_cmp(bne->csum, csum);
|
|
- if (ca && csum_bad)
|
|
- bch2_io_error(ca, BCH_MEMBER_ERROR_checksum);
|
|
-
|
|
- btree_err_on(csum_bad,
|
|
- -BCH_ERR_btree_node_read_err_want_retry,
|
|
- c, ca, b, i, NULL,
|
|
- bset_bad_csum,
|
|
- "%s",
|
|
- (printbuf_reset(&buf),
|
|
- bch2_csum_err_msg(&buf, BSET_CSUM_TYPE(i), bne->csum, csum),
|
|
- buf.buf));
|
|
-
|
|
- ret = bset_encrypt(c, i, b->written << 9);
|
|
- if (bch2_fs_fatal_err_on(ret, c,
|
|
- "decrypting btree node: %s", bch2_err_str(ret)))
|
|
- goto fsck_err;
|
|
+ if (good_csum_type) {
|
|
+ struct bch_csum csum = csum_vstruct(c, BSET_CSUM_TYPE(i), nonce, bne);
|
|
+ bool csum_bad = bch2_crc_cmp(bne->csum, csum);
|
|
+ if (ca && csum_bad)
|
|
+ bch2_io_error(ca, BCH_MEMBER_ERROR_checksum);
|
|
+
|
|
+ btree_err_on(csum_bad,
|
|
+ -BCH_ERR_btree_node_read_err_want_retry,
|
|
+ c, ca, b, i, NULL,
|
|
+ bset_bad_csum,
|
|
+ "%s",
|
|
+ (printbuf_reset(&buf),
|
|
+ bch2_csum_err_msg(&buf, BSET_CSUM_TYPE(i), bne->csum, csum),
|
|
+ buf.buf));
|
|
+
|
|
+ ret = bset_encrypt(c, i, b->written << 9);
|
|
+ if (bch2_fs_fatal_err_on(ret, c,
|
|
+ "decrypting btree node: %s", bch2_err_str(ret)))
|
|
+ goto fsck_err;
|
|
+ }
|
|
|
|
sectors = vstruct_sectors(bne, c->block_bits);
|
|
}
|
|
diff --git a/fs/bcachefs/btree_node_scan.c b/fs/bcachefs/btree_node_scan.c
|
|
index 4b4df31d4b95..327f1a1859b9 100644
|
|
--- a/fs/bcachefs/btree_node_scan.c
|
|
+++ b/fs/bcachefs/btree_node_scan.c
|
|
@@ -159,6 +159,9 @@ static void try_read_btree_node(struct find_btree_nodes *f, struct bch_dev *ca,
|
|
return;
|
|
|
|
if (bch2_csum_type_is_encryption(BSET_CSUM_TYPE(&bn->keys))) {
|
|
+ if (!c->chacha20)
|
|
+ return;
|
|
+
|
|
struct nonce nonce = btree_nonce(&bn->keys, 0);
|
|
unsigned bytes = (void *) &bn->keys - (void *) &bn->flags;
|
|
|
|
diff --git a/fs/bcachefs/checksum.c b/fs/bcachefs/checksum.c
|
|
index ce8fc677bef9..23a383577d4c 100644
|
|
--- a/fs/bcachefs/checksum.c
|
|
+++ b/fs/bcachefs/checksum.c
|
|
@@ -2,6 +2,7 @@
|
|
#include "bcachefs.h"
|
|
#include "checksum.h"
|
|
#include "errcode.h"
|
|
+#include "error.h"
|
|
#include "super.h"
|
|
#include "super-io.h"
|
|
|
|
@@ -252,6 +253,10 @@ int bch2_encrypt(struct bch_fs *c, unsigned type,
|
|
if (!bch2_csum_type_is_encryption(type))
|
|
return 0;
|
|
|
|
+ if (bch2_fs_inconsistent_on(!c->chacha20,
|
|
+ c, "attempting to encrypt without encryption key"))
|
|
+ return -BCH_ERR_no_encryption_key;
|
|
+
|
|
return do_encrypt(c->chacha20, nonce, data, len);
|
|
}
|
|
|
|
@@ -337,8 +342,9 @@ int __bch2_encrypt_bio(struct bch_fs *c, unsigned type,
|
|
size_t sgl_len = 0;
|
|
int ret = 0;
|
|
|
|
- if (!bch2_csum_type_is_encryption(type))
|
|
- return 0;
|
|
+ if (bch2_fs_inconsistent_on(!c->chacha20,
|
|
+ c, "attempting to encrypt without encryption key"))
|
|
+ return -BCH_ERR_no_encryption_key;
|
|
|
|
darray_init(&sgl);
|
|
|
|
diff --git a/fs/bcachefs/errcode.h b/fs/bcachefs/errcode.h
|
|
index c989ce4f715f..a12050e9c191 100644
|
|
--- a/fs/bcachefs/errcode.h
|
|
+++ b/fs/bcachefs/errcode.h
|
|
@@ -260,6 +260,7 @@
|
|
x(EIO, no_device_to_read_from) \
|
|
x(EIO, missing_indirect_extent) \
|
|
x(EIO, invalidate_stripe_to_dev) \
|
|
+ x(EIO, no_encryption_key) \
|
|
x(BCH_ERR_btree_node_read_err, btree_node_read_err_fixable) \
|
|
x(BCH_ERR_btree_node_read_err, btree_node_read_err_want_retry) \
|
|
x(BCH_ERR_btree_node_read_err, btree_node_read_err_must_retry) \
|
|
diff --git a/fs/bcachefs/io_read.c b/fs/bcachefs/io_read.c
|
|
index eb8d12fd6398..4b6b6d25725b 100644
|
|
--- a/fs/bcachefs/io_read.c
|
|
+++ b/fs/bcachefs/io_read.c
|
|
@@ -830,7 +830,7 @@ int __bch2_read_extent(struct btree_trans *trans, struct bch_read_bio *orig,
|
|
if (!pick_ret)
|
|
goto hole;
|
|
|
|
- if (pick_ret < 0) {
|
|
+ if (unlikely(pick_ret < 0)) {
|
|
struct printbuf buf = PRINTBUF;
|
|
bch2_bkey_val_to_text(&buf, c, k);
|
|
|
|
@@ -843,6 +843,18 @@ int __bch2_read_extent(struct btree_trans *trans, struct bch_read_bio *orig,
|
|
goto err;
|
|
}
|
|
|
|
+ if (unlikely(bch2_csum_type_is_encryption(pick.crc.csum_type)) && !c->chacha20) {
|
|
+ struct printbuf buf = PRINTBUF;
|
|
+ bch2_bkey_val_to_text(&buf, c, k);
|
|
+
|
|
+ bch_err_inum_offset_ratelimited(c,
|
|
+ read_pos.inode, read_pos.offset << 9,
|
|
+ "attempting to read encrypted data without encryption key\n %s",
|
|
+ buf.buf);
|
|
+ printbuf_exit(&buf);
|
|
+ goto err;
|
|
+ }
|
|
+
|
|
struct bch_dev *ca = bch2_dev_get_ioref(c, pick.ptr.dev, READ);
|
|
|
|
/*
|
|
--
|
|
2.45.2
|
|
|