xfs: fix out of bounds memory access in scrub
This is a quick fix for a few internal syzbot reports concerning an invalid memory access in the scrub code. This has been lightly tested with fstests. Enjoy! Signed-off-by: Darrick J. Wong <djwong@kernel.org> -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQQ2qTKExjcn+O1o2YRKO3ySh0YRpgUCZQChOgAKCRBKO3ySh0YR pkKbAQCKg0+VAqr2UuKT7PygRSUaLNybnMBHetDZyd1maEl7OQD7BGuM9AxwXWFp hL0Jq/HN5yeArrueGKMd0K3u1HRjJQE= =XwHc -----END PGP SIGNATURE----- Merge tag 'fix-scrub-6.6_2023-09-12' of https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux into xfs-6.6-fixesA xfs: fix out of bounds memory access in scrub This is a quick fix for a few internal syzbot reports concerning an invalid memory access in the scrub code. Signed-off-by: Darrick J. Wong <djwong@kernel.org> Signed-off-by: Chandan Babu R <chandanbabu@kernel.org> * tag 'fix-scrub-6.6_2023-09-12' of https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux: xfs: only call xchk_stats_merge after validating scrub inputs
This commit is contained in:
commit
1155b12edb
@ -588,6 +588,8 @@ out_nofix:
|
||||
out_teardown:
|
||||
error = xchk_teardown(sc, error);
|
||||
out_sc:
|
||||
if (error != -ENOENT)
|
||||
xchk_stats_merge(mp, sm, &run);
|
||||
kfree(sc);
|
||||
out:
|
||||
trace_xchk_done(XFS_I(file_inode(file)), sm, error);
|
||||
@ -595,8 +597,6 @@ out:
|
||||
sm->sm_flags |= XFS_SCRUB_OFLAG_CORRUPT;
|
||||
error = 0;
|
||||
}
|
||||
if (error != -ENOENT)
|
||||
xchk_stats_merge(mp, sm, &run);
|
||||
return error;
|
||||
need_drain:
|
||||
error = xchk_teardown(sc, 0);
|
||||
|
@ -185,7 +185,10 @@ xchk_stats_merge_one(
|
||||
{
|
||||
struct xchk_scrub_stats *css;
|
||||
|
||||
ASSERT(sm->sm_type < XFS_SCRUB_TYPE_NR);
|
||||
if (sm->sm_type >= XFS_SCRUB_TYPE_NR) {
|
||||
ASSERT(sm->sm_type < XFS_SCRUB_TYPE_NR);
|
||||
return;
|
||||
}
|
||||
|
||||
css = &cs->cs_stats[sm->sm_type];
|
||||
spin_lock(&css->css_lock);
|
||||
|
Loading…
Reference in New Issue
Block a user