diff options
| author | Kent Overstreet <kent.overstreet@linux.dev> | 2024-09-23 23:30:59 +0200 |
|---|---|---|
| committer | Kent Overstreet <kent.overstreet@linux.dev> | 2024-09-28 03:46:34 +0200 |
| commit | 4a8f8fafbd6ba6f3433c986b00195e0a8dee96bf (patch) | |
| tree | b25b419fa6ad5a1cceb3d1561d8bcee1a7826e97 | |
| parent | bcachefs: Mark inode errors as autofix (diff) | |
| download | linux-4a8f8fafbd6ba6f3433c986b00195e0a8dee96bf.tar.xz linux-4a8f8fafbd6ba6f3433c986b00195e0a8dee96bf.zip | |
bcachefs: Add extra padding in bkey_make_mut_noupdate()
This fixes a kasan splat in propagate_key_to_snapshot_leaves() -
varint_decode_fast() does reads (that it never uses) up to 7 bytes past
the end of the integer.
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
| -rw-r--r-- | fs/bcachefs/btree_update.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/bcachefs/btree_update.h b/fs/bcachefs/btree_update.h index 60393e98084d..6a454f2fa005 100644 --- a/fs/bcachefs/btree_update.h +++ b/fs/bcachefs/btree_update.h @@ -220,7 +220,8 @@ static inline struct bkey_i *__bch2_bkey_make_mut_noupdate(struct btree_trans *t if (type && k.k->type != type) return ERR_PTR(-ENOENT); - mut = bch2_trans_kmalloc_nomemzero(trans, bytes); + /* extra padding for varint_decode_fast... */ + mut = bch2_trans_kmalloc_nomemzero(trans, bytes + 8); if (!IS_ERR(mut)) { bkey_reassemble(mut, k); |