James Harvey reported a corruption where an lzo compressed extent without
data csum causes a "decompress failed" kernel message, and then
serious random kernel memory corruption.

For the "decompress failed" kernel message, it's indeed corrupted
compressed data.
However we can still harden btrfs lzo callers by doing an extra check on the
lzo compressed data before really decompressing it.
It's done mostly based on the total length recorded in the first 4 bytes
of a compressed extent.

It should catch such corruption early.
However the random kernel memory corruption still can't be reproduced
even with the same binary dump.

On the other hand, even though btrfs(5) only specifies that nodatacow or
nodatasum will disable compression, it should also work on the same
inode flags level.
For NODATACOW, it's working as expected, but for NODATASUM alone, it's
not working properly; the 2nd patch will enhance such check so even for
a NODATASUM inode, compression will also be disabled.

Qu Wenruo (2):
  btrfs: inode: Don't compress if NODATASUM or NODATACOW set
  btrfs: lzo: Avoid decompressing obviously corrupted data

 fs/btrfs/compression.h | 1 +
 fs/btrfs/inode.c       | 8 ++++++++
 fs/btrfs/lzo.c         | 4 ++++
 3 files changed, 13 insertions(+)

-- 
2.17.0

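The kind of pre-decompression check the cover letter describes, as an added userspace example that is not code from this patch series or from the kernel. It goes beyond the total-length check by also walking the per-segment length fields. Assumptions: the names `lzo_extent_check` and `check_sample` are hypothetical, and the layout (4-byte little-endian lengths, segment headers that never cross a 4 KiB sector) and the two size caps are assumed rather than taken from the message.

```c
#include <stddef.h>
#include <stdint.h>

#define LZO_LEN        4u              /* every length field is 4 bytes, little-endian */
#define SECTOR         4096u           /* assumed sector size */
#define MAX_COMPRESSED (128u * 1024u)  /* assumed cap on one compressed extent */
#define MAX_SEGMENT    4419u           /* assumed worst-case LZO output for one sector */

static uint32_t rd_le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk only the length fields; 0 = consistent, negative = reject before decompressing. */
int lzo_extent_check(const uint8_t *buf, size_t len)
{
    uint32_t tot, seg, left, off = LZO_LEN;
    if (len < LZO_LEN)
        return -1;                     /* no room for the total-length header */
    tot = rd_le32(buf);
    if (tot < LZO_LEN || tot > len || tot > MAX_COMPRESSED)
        return -2;                     /* header disagrees with what was actually read */
    while (off < tot) {
        left = SECTOR - off % SECTOR;
        if (left < LZO_LEN) {          /* a segment header never straddles a sector */
            off += left;
            continue;
        }
        if (tot - off < LZO_LEN)
            return -3;                 /* truncated segment header */
        seg = rd_le32(buf + off);
        off += LZO_LEN;
        if (seg == 0 || seg > MAX_SEGMENT || seg > tot - off)
            return -4;                 /* segment would run past the recorded total */
        off += seg;
    }
    return 0;
}

/* Constructed sample: one extent with a single segment, length fields set by the caller. */
int check_sample(uint32_t tot, uint32_t seg, size_t len)
{
    static uint8_t buf[SECTOR];        /* payload bytes stay zero; only lengths matter here */
    for (int i = 0; i < 4; i++) {
        buf[i] = (uint8_t)(tot >> (8 * i));
        buf[LZO_LEN + i] = (uint8_t)(seg >> (8 * i));
    }
    return lzo_extent_check(buf, len);
}
```

A caller would run the check on the bytes it read and skip decompression on any negative return, so a corrupted length field is rejected before it can drive a copy.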