Commit 22d8a33d authored by Yuxuan Shui Committed by Kent Overstreet

bcachefs: fix stack corruption

When a bkey_on_stack is passed to bch_read_indirect_extent, there is no
guarantee that it will be big enough to hold the bkey, and
bch_read_indirect_extent is not aware of bkey_on_stack, so it cannot call
realloc on it. This causes stack corruption.

This commit makes bch_read_indirect_extent aware of bkey_on_stack so it
can call realloc when appropriate.
Tested-by: Yuxuan Shui <yshuiv7@gmail.com>
Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
parent a1b0da45
...@@ -788,7 +788,7 @@ static void bchfs_read(struct btree_trans *trans, struct btree_iter *iter, ...@@ -788,7 +788,7 @@ static void bchfs_read(struct btree_trans *trans, struct btree_iter *iter,
sectors = k.k->size - offset_into_extent; sectors = k.k->size - offset_into_extent;
ret = bch2_read_indirect_extent(trans, ret = bch2_read_indirect_extent(trans,
&offset_into_extent, sk.k); &offset_into_extent, &sk);
if (ret) if (ret)
break; break;
......
...@@ -918,7 +918,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info, ...@@ -918,7 +918,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
sectors = k.k->size - offset_into_extent; sectors = k.k->size - offset_into_extent;
ret = bch2_read_indirect_extent(&trans, ret = bch2_read_indirect_extent(&trans,
&offset_into_extent, cur.k); &offset_into_extent, &cur);
if (ret) if (ret)
break; break;
......
...@@ -1642,7 +1642,7 @@ static void bch2_read_retry(struct bch_fs *c, struct bch_read_bio *rbio, ...@@ -1642,7 +1642,7 @@ static void bch2_read_retry(struct bch_fs *c, struct bch_read_bio *rbio,
sectors = k.k->size - offset_into_extent; sectors = k.k->size - offset_into_extent;
ret = bch2_read_indirect_extent(&trans, ret = bch2_read_indirect_extent(&trans,
&offset_into_extent, sk.k); &offset_into_extent, &sk);
if (ret) if (ret)
break; break;
...@@ -1944,14 +1944,14 @@ static void bch2_read_endio(struct bio *bio) ...@@ -1944,14 +1944,14 @@ static void bch2_read_endio(struct bio *bio)
int __bch2_read_indirect_extent(struct btree_trans *trans, int __bch2_read_indirect_extent(struct btree_trans *trans,
unsigned *offset_into_extent, unsigned *offset_into_extent,
struct bkey_i *orig_k) struct bkey_on_stack *orig_k)
{ {
struct btree_iter *iter; struct btree_iter *iter;
struct bkey_s_c k; struct bkey_s_c k;
u64 reflink_offset; u64 reflink_offset;
int ret; int ret;
reflink_offset = le64_to_cpu(bkey_i_to_reflink_p(orig_k)->v.idx) + reflink_offset = le64_to_cpu(bkey_i_to_reflink_p(orig_k->k)->v.idx) +
*offset_into_extent; *offset_into_extent;
iter = bch2_trans_get_iter(trans, BTREE_ID_REFLINK, iter = bch2_trans_get_iter(trans, BTREE_ID_REFLINK,
...@@ -1974,7 +1974,7 @@ int __bch2_read_indirect_extent(struct btree_trans *trans, ...@@ -1974,7 +1974,7 @@ int __bch2_read_indirect_extent(struct btree_trans *trans,
} }
*offset_into_extent = iter->pos.offset - bkey_start_offset(k.k); *offset_into_extent = iter->pos.offset - bkey_start_offset(k.k);
bkey_reassemble(orig_k, k); bkey_on_stack_reassemble(orig_k, trans->c, k);
err: err:
bch2_trans_iter_put(trans, iter); bch2_trans_iter_put(trans, iter);
return ret; return ret;
...@@ -2281,7 +2281,7 @@ void bch2_read(struct bch_fs *c, struct bch_read_bio *rbio, u64 inode) ...@@ -2281,7 +2281,7 @@ void bch2_read(struct bch_fs *c, struct bch_read_bio *rbio, u64 inode)
k = bkey_i_to_s_c(sk.k); k = bkey_i_to_s_c(sk.k);
ret = bch2_read_indirect_extent(&trans, ret = bch2_read_indirect_extent(&trans,
&offset_into_extent, sk.k); &offset_into_extent, &sk);
if (ret) if (ret)
goto err; goto err;
......
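Review bot: In the bch2_read hunk the context line `k = bkey_i_to_s_c(sk.k);` takes a pointer into the buffer immediately before the call that may now reallocate it, so any use of `k` after `bch2_read_indirect_extent()` returns could read the old storage instead of the reassembled key. Before this change `bkey_reassemble()` wrote in place and the alias stayed valid; with `bkey_on_stack_reassemble()` that presumably no longer holds once the key outgrows the on-stack space. The code after the call is outside the hunk, so confirm whether `k` is used there, and if it is, re-derive it after the `if (ret) goto err;` check with `k = bkey_i_to_s_c(sk.k);`. The same check applies to bchfs_read, bch2_fiemap and bch2_read_retry, where `k.k->size` is read just before the call and the origin of `k` is not visible.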
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
#define _BCACHEFS_IO_H #define _BCACHEFS_IO_H
#include "checksum.h" #include "checksum.h"
#include "bkey_on_stack.h"
#include "io_types.h" #include "io_types.h"
#define to_wbio(_bio) \ #define to_wbio(_bio) \
...@@ -114,13 +115,13 @@ struct cache_promote_op; ...@@ -114,13 +115,13 @@ struct cache_promote_op;
struct extent_ptr_decoded; struct extent_ptr_decoded;
int __bch2_read_indirect_extent(struct btree_trans *, unsigned *, int __bch2_read_indirect_extent(struct btree_trans *, unsigned *,
struct bkey_i *); struct bkey_on_stack *);
static inline int bch2_read_indirect_extent(struct btree_trans *trans, static inline int bch2_read_indirect_extent(struct btree_trans *trans,
unsigned *offset_into_extent, unsigned *offset_into_extent,
struct bkey_i *k) struct bkey_on_stack *k)
{ {
return k->k.type == KEY_TYPE_reflink_p return k->k->k.type == KEY_TYPE_reflink_p
? __bch2_read_indirect_extent(trans, offset_into_extent, k) ? __bch2_read_indirect_extent(trans, offset_into_extent, k)
: 0; : 0;
} }
......
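Review bot: The declaration of `bch2_read_indirect_extent` carries no comment telling callers that the storage behind its third argument can now be replaced, which per the commit message is the point of the new `struct bkey_on_stack *` parameter. A one-line comment above the inline wrapper would make the contract explicit, for example `/* May reallocate @k: re-read k->k after this returns and do not keep pointers into the old key. */`. Naming the parameter `k` also yields `k->k->k.type`, which is hard to audit at a glance; renaming it to `sk` would read as `sk->k->k.type` and match the callers.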