Commit dba8243f authored by Kent Overstreet's avatar Kent Overstreet
Browse files

bcachefs: Don't try to en/decrypt when encryption not available 



If a btree node says it's encrypted, but the superblock never had an
encryptino key - whoops, that needs to be handled.

Reported-by: default avatar <syzbot+026f1857b12f5eb3f9e9@syzkaller.appspotmail.com>
Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
parent 75eabea6

fs/bcachefs/btree_io.c

+59 −58
Original line number Diff line number Diff line
@@ -1045,23 +1045,34 @@ int bch2_btree_node_read_done(struct bch_fs *c, struct bch_dev *ca, 


	while (b->written < (ptr_written ?: btree_sectors(c))) {

		unsigned sectors;

		struct nonce nonce;

		bool first = !b->written;

		bool csum_bad;



		if (!b->written) {

		if (first) {

			bne = NULL;

			i = &b->data->keys;

		} else {

			bne = write_block(b);

			i = &bne->keys;



			btree_err_on(!bch2_checksum_type_valid(c, BSET_CSUM_TYPE(i)),

				     -BCH_ERR_btree_node_read_err_want_retry,

			if (i->seq != b->data->keys.seq)

				break;

		}



		struct nonce nonce = btree_nonce(i, b->written << 9);

		bool good_csum_type = bch2_checksum_type_valid(c, BSET_CSUM_TYPE(i));



		btree_err_on(!good_csum_type,

			     bch2_csum_type_is_encryption(BSET_CSUM_TYPE(i))

			     ? -BCH_ERR_btree_node_read_err_must_retry

			     : -BCH_ERR_btree_node_read_err_want_retry,

			     c, ca, b, i, NULL,

			     bset_unknown_csum,

			     "unknown checksum type %llu", BSET_CSUM_TYPE(i));



			nonce = btree_nonce(i, b->written << 9);



		if (first) {

			if (good_csum_type) {

				struct bch_csum csum = csum_vstruct(c, BSET_CSUM_TYPE(i), nonce, b->data);

			csum_bad = bch2_crc_cmp(b->data->csum, csum);

				bool csum_bad = bch2_crc_cmp(b->data->csum, csum);

				if (csum_bad)

					bch2_io_error(ca, BCH_MEMBER_ERROR_checksum);
@@ -1078,6 +1089,7 @@ int bch2_btree_node_read_done(struct bch_fs *c, struct bch_dev *ca, 
				if (bch2_fs_fatal_err_on(ret, c,

							 "decrypting btree node: %s", bch2_err_str(ret)))

					goto fsck_err;

			}



			btree_err_on(btree_node_type_is_extents(btree_node_type(b)) &&

				     !BTREE_NODE_NEW_EXTENT_OVERWRITE(b->data),
@@ -1088,21 +1100,9 @@ int bch2_btree_node_read_done(struct bch_fs *c, struct bch_dev *ca, 


			sectors = vstruct_sectors(b->data, c->block_bits);

		} else {

			bne = write_block(b);

			i = &bne->keys;



			if (i->seq != b->data->keys.seq)

				break;



			btree_err_on(!bch2_checksum_type_valid(c, BSET_CSUM_TYPE(i)),

				     -BCH_ERR_btree_node_read_err_want_retry,

				     c, ca, b, i, NULL,

				     bset_unknown_csum,

				     "unknown checksum type %llu", BSET_CSUM_TYPE(i));



			nonce = btree_nonce(i, b->written << 9);

			if (good_csum_type) {

				struct bch_csum csum = csum_vstruct(c, BSET_CSUM_TYPE(i), nonce, bne);

			csum_bad = bch2_crc_cmp(bne->csum, csum);

				bool csum_bad = bch2_crc_cmp(bne->csum, csum);

				if (ca && csum_bad)

					bch2_io_error(ca, BCH_MEMBER_ERROR_checksum);
@@ -1119,6 +1119,7 @@ int bch2_btree_node_read_done(struct bch_fs *c, struct bch_dev *ca, 
				if (bch2_fs_fatal_err_on(ret, c,

						"decrypting btree node: %s", bch2_err_str(ret)))

					goto fsck_err;

			}



			sectors = vstruct_sectors(bne, c->block_bits);

		}

fs/bcachefs/btree_node_scan.c

+3 −0
Original line number Diff line number Diff line
@@ -159,6 +159,9 @@ static void try_read_btree_node(struct find_btree_nodes *f, struct bch_dev *ca, 
		return;



	if (bch2_csum_type_is_encryption(BSET_CSUM_TYPE(&bn->keys))) {

		if (!c->chacha20)

			return;



		struct nonce nonce = btree_nonce(&bn->keys, 0);

		unsigned bytes = (void *) &bn->keys - (void *) &bn->flags;

fs/bcachefs/checksum.c

+8 −2
Original line number Diff line number Diff line
@@ -2,6 +2,7 @@ 
#include "bcachefs.h"

#include "checksum.h"

#include "errcode.h"

#include "error.h"

#include "super.h"

#include "super-io.h"
@@ -252,6 +253,10 @@ int bch2_encrypt(struct bch_fs *c, unsigned type, 
	if (!bch2_csum_type_is_encryption(type))

		return 0;



	if (bch2_fs_inconsistent_on(!c->chacha20,

				    c, "attempting to encrypt without encryption key"))

		return -BCH_ERR_no_encryption_key;



	return do_encrypt(c->chacha20, nonce, data, len);

}
@@ -337,8 +342,9 @@ int __bch2_encrypt_bio(struct bch_fs *c, unsigned type, 
	size_t sgl_len = 0;

	int ret = 0;



	if (!bch2_csum_type_is_encryption(type))

		return 0;

	if (bch2_fs_inconsistent_on(!c->chacha20,

				    c, "attempting to encrypt without encryption key"))

		return -BCH_ERR_no_encryption_key;



	darray_init(&sgl);

fs/bcachefs/errcode.h

+1 −0
Original line number Diff line number Diff line
@@ -260,6 +260,7 @@ 
	x(EIO,				no_device_to_read_from)			\

	x(EIO,				missing_indirect_extent)		\

	x(EIO,				invalidate_stripe_to_dev)		\

	x(EIO,				no_encryption_key)			\

	x(BCH_ERR_btree_node_read_err,	btree_node_read_err_fixable)		\

	x(BCH_ERR_btree_node_read_err,	btree_node_read_err_want_retry)		\

	x(BCH_ERR_btree_node_read_err,	btree_node_read_err_must_retry)		\

fs/bcachefs/io_read.c

+13 −1
Original line number Diff line number Diff line
@@ -830,7 +830,7 @@ int __bch2_read_extent(struct btree_trans *trans, struct bch_read_bio *orig, 
	if (!pick_ret)

		goto hole;



	if (pick_ret < 0) {

	if (unlikely(pick_ret < 0)) {

		struct printbuf buf = PRINTBUF;

		bch2_bkey_val_to_text(&buf, c, k);
@@ -843,6 +843,18 @@ int __bch2_read_extent(struct btree_trans *trans, struct bch_read_bio *orig, 
		goto err;

	}



	if (unlikely(bch2_csum_type_is_encryption(pick.crc.csum_type)) && !c->chacha20) {

		struct printbuf buf = PRINTBUF;

		bch2_bkey_val_to_text(&buf, c, k);



		bch_err_inum_offset_ratelimited(c,

				read_pos.inode, read_pos.offset << 9,

				"attempting to read encrypted data without encryption key\n  %s",

				buf.buf);

		printbuf_exit(&buf);

		goto err;

	}



	struct bch_dev *ca = bch2_dev_get_ioref(c, pick.ptr.dev, READ);



	/*