mirror of https://github.com/kdave/btrfs-progs synced 2025-01-06 05:29:33 +00:00
Userspace utilities to manage btrfs filesystems
Qu Wenruo a2c6c59333 btrfs-progs: image: fix the bug that filename sanitization not working
[BUG]
There is a bug report that image dump taken by "btrfs-image -s" doesn't
really sanitize the filenames:

  # truncates -s 1G source.raw
  # mkfs.btrfs -f source.raw
  # mount source.raw $mnt
  # touch $mnt/top_secret_filename
  # touch $mnt/secret_filename
  # umount $mnt
  # btrfs-image -s source.raw dump.img
  # string dump.img | grep filename
  top_secret_filename
  secret_filename
  top_secret_filename
  secret_filename
  top_secret_filename

[CAUSE]
Using above image to store the fs, and we got the following result in fs
tree:

	item 0 key (256 INODE_ITEM 0) itemoff 16123 itemsize 160
		generation 3 transid 7 size 68 nbytes 16384
		block group 0 mode 40755 links 1 uid 0 gid 0 rdev 0
		sequence 2 flags 0x0(none)
	item 1 key (256 INODE_REF 256) itemoff 16111 itemsize 12
		index 0 namelen 2 name: ..
	item 2 key (256 DIR_ITEM 439756795) itemoff 16062 itemsize 49
		location key (257 INODE_ITEM 0) type FILE
		transid 7 data_len 0 name_len 19
		name: top_secret_filename
	item 3 key (256 DIR_ITEM 693462946) itemoff 16017 itemsize 45
		location key (258 INODE_ITEM 0) type FILE
		transid 7 data_len 0 name_len 15
		name: secret_filename
	item 4 key (256 DIR_INDEX 2) itemoff 15968 itemsize 49
		location key (257 INODE_ITEM 0) type FILE
		transid 7 data_len 0 name_len 19
		name: top_secret_filename
	item 5 key (256 DIR_INDEX 3) itemoff 15923 itemsize 45
		location key (258 INODE_ITEM 0) type FILE
		transid 7 data_len 0 name_len 15
		name: secret_filename
	item 6 key (257 INODE_ITEM 0) itemoff 15763 itemsize 160
		generation 7 transid 7 size 0 nbytes 0
		block group 0 mode 100644 links 1 uid 0 gid 0 rdev 0
		sequence 1 flags 0x0(none)
	item 7 key (257 INODE_REF 256) itemoff 15734 itemsize 29
		index 2 namelen 19 name: top_secret_filename
	item 8 key (258 INODE_ITEM 0) itemoff 15574 itemsize 160
		generation 7 transid 7 size 0 nbytes 0
		block group 0 mode 100644 links 1 uid 0 gid 0 rdev 0
		sequence 1 flags 0x0(none)
	item 9 key (258 INODE_REF 256) itemoff 15549 itemsize 25
		index 3 namelen 15 name: 1���'�gc*&R

The result shows, only the last INODE_REF got sanitized, all the
remaining are not touched at all.

This is caused by how we sanitize the filenames:

 copy_buffer()
 |- memcpy(dst, src->data, src->len);
 |  This means we copy the whole eb into our buffer already.
 |
 |- zero_items()
    |- sanitize_name()
       |- eb = alloc_dummy_eb();
       |- memcpy(eb->data, src->data, src->len);
       |  This means we generate a dummy eb with the same contents of
       |  the source eb.
       |
       |- sanitize_dir_item();
       |  We override the dir item of the given item (specified by the
       |  slot number) inside our dummy eb.
       |
       |- memcpy(dst, eb->data, eb->lem);

The last one copy the dummy eb into our buffer, with only the slot
corrupted.

But when the whole work flow hits the next slot, we only corrupt the
next slot, but still copy the whole dummy eb back to buffer.

This means the previous slot would be overwritten by the old unsanitized
data.

Resulting only the last slot is corrupted.

[FIX]
Fix the bug by only copying back the corrupted item to the buffer.
So that other slots won't be overwritten by unsanitized data.

Reported-by: Andrea Gelmini <andrea.gelmini@gmail.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
2024-07-30 19:57:06 +02:00
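
The copy-back bug described in the commit message above, reduced to a small model. This is an added example, not btrfs-progs code: the fixed-size slot layout, the sample names, `sanitize_slot` and `leaked_names` are hypothetical, and a run of `x` stands in for the random replacement name.

```c
#include <stdio.h>
#include <string.h>

#define NSLOTS   4
#define NAME_LEN 16
#define LEAF_LEN (NSLOTS * NAME_LEN)

/* Constructed stand-in for an extent buffer: NSLOTS fixed-size name items. */
static const char SRC[NSLOTS][NAME_LEN] = {
	"top_secret_file", "secret_filename", "payroll_2024", "notes.txt",
};

/* Scrub one slot the way the commit describes: work on a scratch copy of
 * the *source* leaf, then copy back either the whole leaf (bug) or only
 * the scrubbed item (fix). */
static void sanitize_slot(char *dst, int slot, int copy_whole_leaf)
{
	char scratch[LEAF_LEN];
	size_t off = (size_t)slot * NAME_LEN;

	memcpy(scratch, SRC, LEAF_LEN);           /* dummy eb = source contents */
	memset(scratch + off, 'x', NAME_LEN - 1); /* placeholder for random name */
	if (copy_whole_leaf)
		memcpy(dst, scratch, LEAF_LEN);   /* restores earlier slots */
	else
		memcpy(dst + off, scratch + off, NAME_LEN);
}

/* Returns how many original names are still present in the output. */
static int leaked_names(int copy_whole_leaf)
{
	char dst[LEAF_LEN];
	int leaked = 0;

	memcpy(dst, SRC, LEAF_LEN);               /* copy_buffer() step */
	for (int slot = 0; slot < NSLOTS; slot++)
		sanitize_slot(dst, slot, copy_whole_leaf);
	for (int slot = 0; slot < NSLOTS; slot++)
		if (memcmp(dst + slot * NAME_LEN, SRC[slot], NAME_LEN) == 0)
			leaked++;
	return leaked;
}

int main(void)
{
	printf("whole-leaf copy-back: %d of %d names leaked\n", leaked_names(1), NSLOTS);
	printf("per-item copy-back:   %d of %d names leaked\n", leaked_names(0), NSLOTS);
	return 0;
}
```

With the whole-leaf copy-back every slot except the last keeps its original name, which matches the fs tree dump in the commit message; the same leaked-name count works as a regression check on a sanitized image.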
.github/workflows btrfs-progs: ci: add run-name for codespell workflow 2024-07-30 19:56:08 +02:00
check btrfs-progs: use btrfs_link_subvolume() to replace btrfs_mksubvol() 2024-07-30 19:54:50 +02:00
ci btrfs-progs: run codespell throughout fixing typos automagically 2024-07-30 19:56:08 +02:00
cmds btrfs-progs: run codespell throughout fixing typos automagically 2024-07-30 19:56:08 +02:00
common btrfs-progs: run codespell throughout fixing typos automagically 2024-07-30 19:56:08 +02:00
config btrfs-progs: detect PCLMUL CPU support for accelerated crc32c 2023-09-13 00:38:50 +02:00
convert btrfs-progs: do interactive fixing of some ambigous typos 2024-07-30 19:56:08 +02:00
crypto btrfs-progs: run codespell throughout fixing typos automagically 2024-07-30 19:56:08 +02:00
Documentation btrfs-progs: docs: add warning for -s option of btrfs-image 2024-07-30 19:56:41 +02:00
image btrfs-progs: image: fix the bug that filename sanitization not working 2024-07-30 19:57:06 +02:00
include btrfs-progs: kerncompat: fix fallthrough definition for gcc 5.x and 6.x. 2024-07-30 19:53:33 +02:00
kernel-lib btrfs-progs: clean up includes, using include-what-you-use 2023-10-03 01:11:57 +02:00
kernel-shared btrfs-progs: run codespell throughout fixing typos automagically 2024-07-30 19:56:08 +02:00
libbtrfs libbtrfs: fix potentially unaligned access 2024-05-25 00:37:52 +02:00
libbtrfsutil libbtrfsutil: bump version to 1.3.2 2024-06-25 17:42:19 +02:00
mkfs btrfs-progs: run codespell throughout fixing typos automagically 2024-07-30 19:56:08 +02:00
tests btrfs-progs: run codespell throughout fixing typos automagically 2024-07-30 19:56:08 +02:00
tune btrfs-progs: fix warnings reported by -Wold-style-definition 2024-07-30 19:53:32 +02:00
.codespellrc btrfs-progs: add codespell exceptions to ignore 2024-07-30 19:56:08 +02:00
.editorconfig
.gitignore btrfs-progs: add rudimentary codespell config 2024-07-30 19:56:08 +02:00
.readthedocs.yaml btrfs-progs: docs: add config file for readthedocs.io 2023-12-05 16:36:24 +01:00
64-btrfs-dm.rules
64-btrfs-zoned.rules
autogen.sh
btrfs-completion btrfs-progs: completion: update mkswapfile, tree-stats and map-swapfile 2024-06-24 19:18:10 +02:00
btrfs-corrupt-block.c btrfs-progs: use strncpy_null everywhere 2024-06-24 19:18:48 +02:00
btrfs-crc.c
btrfs-debugfs btrfs-progs: do interactive fixing of some ambigous typos 2024-07-30 19:56:08 +02:00
btrfs-find-root.c btrfs-progs: clean up includes, using include-what-you-use 2023-10-03 01:11:57 +02:00
btrfs-map-logical.c btrfs-progs: clean up includes, using include-what-you-use 2023-10-03 01:11:57 +02:00
btrfs-sb-mod.c btrfs-progs: sb-mod: fix build after removing log_root_transid 2023-10-21 15:51:07 +02:00
btrfs-select-super.c btrfs-progs: clean up includes, using include-what-you-use 2023-10-03 01:11:57 +02:00
btrfs.c btrfs-progs: print optional features in btrfs version 2024-07-30 19:53:32 +02:00
CHANGES btrfs-progs: run codespell throughout fixing typos automagically 2024-07-30 19:56:08 +02:00
configure.ac btrfs-progs: add uClibc-ng compatibility for printf format %pV 2024-07-30 19:53:33 +02:00
COPYING
fsck.btrfs
inject-error btrfs-progs: run codespell throughout fixing typos automagically 2024-07-30 19:56:08 +02:00
INSTALL btrfs-progs: INSTALL: document libraries needed for fsstress 2024-05-31 17:47:40 +02:00
Makefile btrfs-progs: introduce btrfs_make_subvolume() 2024-07-30 19:54:04 +02:00
Makefile.extrawarn btrfs-progs: enable -Wshadow for default build 2023-10-10 19:23:10 +02:00
Makefile.inc.in libbtrfs: create all .so links 2024-05-25 01:21:22 +02:00
README.md btrfs-progs: run codespell throughout fixing typos automagically 2024-07-30 19:56:08 +02:00
show-blocks
VERSION Btrfs progs v6.9.2 2024-06-27 02:12:50 +02:00

Btrfs-progs


Userspace utilities to manage btrfs filesystems. License: GPLv2.

Btrfs is a copy on write (COW) filesystem for Linux aimed at implementing advanced features while focusing on fault tolerance, repair and easy administration.

This repository hosts the following utilities and also documentation:

See INSTALL for build instructions, tests/README.md for testing information and ci/README.md for CI information.

Release cycle

The major version releases are time-based and follow the cycle of the Linux kernel releases. The cycle usually takes 2 months. Minor version releases may happen in the meantime if there are bug fixes or minor useful improvements queued.

The release tags are signed with a GPG key ID F2B4 1200 C54E FB30 380C 1756 C565 D5F9 D76D 583B, release tarballs are hosted at kernel.org. See file CHANGES or changelogs on RTD.

Releases with changelog are also published at Github release page.

Static binaries

For each release there are static binaries of btrfs and btrfs.box provided. These can be used in rescue environments and are built for x86_64 architecture (with maximum backward compatibility), inside the Github Actions workflow. The btrfs.box is an all-in-one tool in the busybox style, the functionality is determined by the binary names (either symlink, hardlink or a file copy).

Feature compatibility

The btrfs-progs of version X.Y declare support of kernel features of the same version. New progs on old kernel are expected to work, limited only by features provided by the kernel.

Build compatibility

Build is supported on the GNU C library as the primary target, and on the musl libc.

The supported compilers are gcc (minimal version 4.8) and clang (minimal version 3.4).

Build tests are done on several distributions, see Github actions workflow.

Reporting bugs

There are several ways, each has its own specifics and audience that can give feedback or work on a fix. The following list is sorted in the order of preference:

Development

The development takes place in the mailing list (linux-btrfs@vger.kernel.org) or at Github (issues, pull requests). Changes should be split to logical parts if possible, documentation may be included in the same patch as the code or separately.

The development model of btrfs-progs shares a lot with the kernel model. The

  • one logical change per patch: e.g. not mixing bugfixes, cleanups, features etc., sometimes it's not clear and will be usually pointed out during reviews
  • proper subject line: e.g. prefix with btrfs-progs: subpart, ... , descriptive yet not too long, see git log --oneline for some inspiration
  • proper changelog: the changelogs are often missing or lacking explanation why the change was made, or how is something broken, what are user-visible effects of the bug or the fix, how does an improvement help or the intended usecase
  • the Signed-off-by line is not mandatory for less significant changes (typos, documentation) but is desired as this documents who authored the change, you can read more about the Developer's Certificate of Origin (chapter 11)
    • if you are not used to the signed-off style, your contributions won't be rejected just because it's missing, the Author: tag will be added as a substitute in order to allow contributions without much bothering with formalities

Pull requests

The pull requests on Github may be used for code or documentation contributions. There are basic build checks enabled in the Github actions CI for pull requests. The status can be checked at the workflow page.

  • open a PR against branches devel or master
  • push update to the same branch if you need to
  • close the PR in case it's wrong, a mistake or needs rework
  • if you're sure the changes don't need a CI build verification, please add [skip ci] to the changelog

Source code coding style and preferences follow the kernel coding style. You can find the editor settings in .editorconfig and use the EditorConfig plugin to let your editor use that, or update your editor settings manually.

Testing

The documentation for writing and running tests can be found in tests/ and continuous integration/container images in ci/.

Development branches are tested by Github Action workflows.

Code coverage provided by codecov.io can be found here.

Documentation updates

Documentation fixes or updates do not need much explanation so sticking to the code rules in the previous section is not necessary. GitHub pull requests are OK, patches could be sent to me directly and not required to be also in the mailing list. Pointing out typos via IRC also works, although might get accidentally lost in the noise.

Documentation sources are written in RST and built by sphinx.

Third-party sources

Build dependencies are listed in INSTALL. Implementation of checksum/hash functions is provided by copies of the respective sources to avoid adding dependencies that would make deployments in rescue or limited environments harder. The implementations are portable and there are optimized versions for some architectures. Optionally it's possible to use libgcrypt, libsodium, libkcapi, Botan or OpenSSL implementations.

The builtin implementations use the following sources: CRC32C, XXHASH, SHA256, BLAKE2.

Some other code is borrowed from the kernel, e.g. the raid5 tables or data structure implementation (list, rb-tree).
