authorKent Overstreet <kent.overstreet@gmail.com>2020-11-11 12:42:54 -0500
committerKent Overstreet <kent.overstreet@linux.dev>2023-10-22 17:08:46 -0400
commit6d9378f3dcd7b91effdc4ffe1da1a2e8987e9f1e (patch)
tree6b84107a03c382ffddb3a0c72ab78422db57cbcf
parente648448ca562af0cb11729ce6fad0f860fa42cb4 (diff)
bcachefs: Hack around bch2_varint_decode invalid reads
bch2_varint_decode can do reads up to 7 bytes past the end ptr, for the sake of performance - these extra bytes are always masked off. This won't be a problem in practice if we make sure to burn 8 bytes in any buffer that has bkeys in it. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
-rw-r--r--fs/bcachefs/btree_io.c3
-rw-r--r--fs/bcachefs/btree_update_interior.h3
2 files changed, 6 insertions, 0 deletions
diff --git a/fs/bcachefs/btree_io.c b/fs/bcachefs/btree_io.c
index 0de703c5b4b7..302ee3851b0d 100644
--- a/fs/bcachefs/btree_io.c
+++ b/fs/bcachefs/btree_io.c
@@ -1532,6 +1532,9 @@ void __bch2_btree_node_write(struct bch_fs *c, struct btree *b,
seq = max(seq, le64_to_cpu(i->journal_seq));
}
+ /* bch2_varint_decode may read up to 7 bytes past the end of the buffer: */
+ bytes += 8;
+
data = btree_bounce_alloc(c, bytes, &used_mempool);
if (!b->written) {
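Review bot: `bytes += 8;` modifies the variable in place, so every later use of `bytes` in __bch2_btree_node_write (the function continues outside this hunk) now sees the padded size instead of the length of the key data. If any later use means the payload length, passing the pad only to the allocator is safer, e.g. `data = btree_bounce_alloc(c, bytes + 8, &used_mempool);`, with the same size given to whatever releases the buffer. The comment says 7 bytes while the code adds 8; a few extra words such as `/* ...rounded up to one u64; the pad is read but masked off, never interpreted */` would stop a later reader from "correcting" one of the two numbers and would help when triaging a sanitizer report against the decoder.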
diff --git a/fs/bcachefs/btree_update_interior.h b/fs/bcachefs/btree_update_interior.h
index 7668225e72c6..41854fc345d2 100644
--- a/fs/bcachefs/btree_update_interior.h
+++ b/fs/bcachefs/btree_update_interior.h
@@ -237,6 +237,9 @@ static inline ssize_t __bch_btree_u64s_remaining(struct bch_fs *c,
b->whiteout_u64s;
ssize_t total = c->opts.btree_node_size << 6;
+ /* Always leave one extra u64 for bch2_varint_decode: */
+ used++;
+
return total - used;
}
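Review bot: The `used++` here and the `bytes += 8` in __bch2_btree_node_write encode the same invariant in two different units (one u64 versus 8 bytes), with nothing in the code tying them together. A shared named constant, or at least a cross-reference in each comment, would keep them in step if the decoder's over-read width ever changes. The comment could also say why the slot is reserved: presumably so that the padded bounce allocation still fits within the node size, though that is inferred and not visible in this hunk. The commit message requires the pad in every buffer that holds bkeys, yet only two sites are changed, so it is worth recording next to the decoder which allocations are covered. The function body starts outside the hunk.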