bcachefs: Fix shift-out-of-bounds in bch2_blacklist_entries_gc

This series fix the shift-out-of-bounds issue in bch2_blacklist_entries_gc(). Instead of passing 0 to eytzinger0_first() when iterating the entries, we explicitly check 0 and initialize i to be 0. syzbot has tested the proposed patch and the reproducer did not trigger any issue: Reported-and-tested-by: syzbot+835d255ad6bc7f29ee12@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=835d255ad6bc7f29ee12 Signed-off-by: Pei Li <peili.dev@gmail.com> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
author: Pei Li <peili.dev@gmail.com> 2024-06-25 11:41:29 -0700
committer: Kent Overstreet <kent.overstreet@linux.dev> 2024-06-25 17:53:31 -0400
commit: 472237b69d071c877e97bf0bc3eab1be865fad29 (patch)
tree: d523573327871abeda20e0455ca1703a7c016f15 /fs
parent: 211c581de28e7741898720b5f74da4e62f37f972 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/bcachefs/journal_seq_blacklist.c b/fs/bcachefs/journal_seq_blacklist.c
index ed4846709611..1f25c111c54c 100644
--- a/fs/bcachefs/journal_seq_blacklist.c
+++ b/fs/bcachefs/journal_seq_blacklist.c
@@ -232,7 +232,7 @@ bool bch2_blacklist_entries_gc(struct bch_fs *c)
 	BUG_ON(nr != t->nr);
 
 	unsigned i;
-	for (src = bl->start, i = eytzinger0_first(t->nr);
+	for (src = bl->start, i = t->nr == 0 ? 0 : eytzinger0_first(t->nr);
 	     src < bl->start + nr;
 	     src++, i = eytzinger0_next(i, nr)) {
 		BUG_ON(t->entries[i].start	!= le64_to_cpu(src->start));
author	Pei Li <peili.dev@gmail.com>	2024-06-25 11:41:29 -0700
committer	Kent Overstreet <kent.overstreet@linux.dev>	2024-06-25 17:53:31 -0400
commit	472237b69d071c877e97bf0bc3eab1be865fad29 (patch)
tree	d523573327871abeda20e0455ca1703a7c016f15 /fs
parent	211c581de28e7741898720b5f74da4e62f37f972 (diff)