summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorKent Overstreet <kent.overstreet@linux.dev>2023-07-17 03:56:18 +0200
committerKent Overstreet <kent.overstreet@linux.dev>2023-10-22 23:10:08 +0200
commit20e6d9a8d4050220f4e0a0195d102abaf2c8439b (patch)
tree7aaa63aa7ad1f765e969189f77ef756297cf6e4a /fs
parentbcachefs: need_snapshot_cleanup shouldn't be a fsck error (diff)
downloadlinux-20e6d9a8d4050220f4e0a0195d102abaf2c8439b.tar.xz
linux-20e6d9a8d4050220f4e0a0195d102abaf2c8439b.zip
bcachefs: Fix lookup_inode_for_snapshot()
This fixes a use-after-free. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
Diffstat (limited to 'fs')
-rw-r--r--fs/bcachefs/fsck.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/fs/bcachefs/fsck.c b/fs/bcachefs/fsck.c
index c8599978ae46..0d7344ff64c0 100644
--- a/fs/bcachefs/fsck.c
+++ b/fs/bcachefs/fsck.c
@@ -682,6 +682,7 @@ found:
if (snapshot != i->snapshot && !is_whiteout) {
struct inode_walker_entry new = *i;
+ size_t pos;
int ret;
new.snapshot = snapshot;
@@ -693,9 +694,12 @@ found:
while (i > w->inodes.data && i[-1].snapshot > snapshot)
--i;
- ret = darray_insert_item(&w->inodes, i - w->inodes.data, new);
+ pos = i - w->inodes.data;
+ ret = darray_insert_item(&w->inodes, pos, new);
if (ret)
return ERR_PTR(ret);
+
+ i = w->inodes.data + pos;
}
return i;