summaryrefslogtreecommitdiffstats
path: root/fs/reiserfs/lbalance.c
diff options
context:
space:
mode:
authorJeff Mahoney <jeffm@suse.com>2014-08-05 01:51:47 +0200
committerJan Kara <jack@suse.cz>2014-08-05 23:18:38 +0200
commit27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d (patch)
treee981aaf33962bf22bdc70a83287434e77c3188e9 /fs/reiserfs/lbalance.c
parentudf: avoid redundant memcpy when writing data in ICB (diff)
downloadlinux-27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d.tar.xz
linux-27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d.zip
reiserfs: fix corruption introduced by balance_leaf refactor
Commits f1f007c308e (reiserfs: balance_leaf refactor, pull out balance_leaf_insert_left) and cf22df182bf (reiserfs: balance_leaf refactor, pull out balance_leaf_paste_left) missed that the `body' pointer was getting repositioned. Subsequent users of the pointer would expect it to be repositioned, and as a result, parts of the tree would get overwritten. The most common observed corruption is indirect block pointers being overwritten. Since the body value isn't actually used anymore in the called routines, we can pass back the offset it should be shifted. We constify the body and ih pointers in the balance_leaf as a mostly-free preventative measure. Cc: <stable@vger.kernel.org> # 3.16 Reported-and-tested-by: Jeff Chua <jeff.chua.linux@gmail.com> Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/reiserfs/lbalance.c')
-rw-r--r--fs/reiserfs/lbalance.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/reiserfs/lbalance.c b/fs/reiserfs/lbalance.c
index d6744c8b24e1..3a74d15eb814 100644
--- a/fs/reiserfs/lbalance.c
+++ b/fs/reiserfs/lbalance.c
@@ -899,8 +899,9 @@ void leaf_delete_items(struct buffer_info *cur_bi, int last_first,
/* insert item into the leaf node in position before */
void leaf_insert_into_buf(struct buffer_info *bi, int before,
- struct item_head *inserted_item_ih,
- const char *inserted_item_body, int zeros_number)
+ struct item_head * const inserted_item_ih,
+ const char * const inserted_item_body,
+ int zeros_number)
{
struct buffer_head *bh = bi->bi_bh;
int nr, free_space;