bcachefs: slab-use-after-free Read in bch2_sb_errors_from_cpu
Acquire fsck_error_counts_lock before accessing the critical section protected by this lock. syzbot has tested the proposed patch and the reproducer did not trigger any issue. Reported-by: syzbot+a2bc0e838efd7663f4d9@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=a2bc0e838efd7663f4d9 Signed-off-by: Pei Li <peili.dev@gmail.com> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
This commit is contained in:
parent
89d21b69b4
commit
211c581de2
@ -110,19 +110,25 @@ out:
|
|||||||
void bch2_sb_errors_from_cpu(struct bch_fs *c)
|
void bch2_sb_errors_from_cpu(struct bch_fs *c)
|
||||||
{
|
{
|
||||||
bch_sb_errors_cpu *src = &c->fsck_error_counts;
|
bch_sb_errors_cpu *src = &c->fsck_error_counts;
|
||||||
struct bch_sb_field_errors *dst =
|
struct bch_sb_field_errors *dst;
|
||||||
bch2_sb_field_resize(&c->disk_sb, errors,
|
|
||||||
bch2_sb_field_errors_u64s(src->nr));
|
|
||||||
unsigned i;
|
unsigned i;
|
||||||
|
|
||||||
|
mutex_lock(&c->fsck_error_counts_lock);
|
||||||
|
|
||||||
|
dst = bch2_sb_field_resize(&c->disk_sb, errors,
|
||||||
|
bch2_sb_field_errors_u64s(src->nr));
|
||||||
|
|
||||||
if (!dst)
|
if (!dst)
|
||||||
return;
|
goto err;
|
||||||
|
|
||||||
for (i = 0; i < src->nr; i++) {
|
for (i = 0; i < src->nr; i++) {
|
||||||
SET_BCH_SB_ERROR_ENTRY_ID(&dst->entries[i], src->data[i].id);
|
SET_BCH_SB_ERROR_ENTRY_ID(&dst->entries[i], src->data[i].id);
|
||||||
SET_BCH_SB_ERROR_ENTRY_NR(&dst->entries[i], src->data[i].nr);
|
SET_BCH_SB_ERROR_ENTRY_NR(&dst->entries[i], src->data[i].nr);
|
||||||
dst->entries[i].last_error_time = cpu_to_le64(src->data[i].last_error_time);
|
dst->entries[i].last_error_time = cpu_to_le64(src->data[i].last_error_time);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
err:
|
||||||
|
mutex_unlock(&c->fsck_error_counts_lock);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int bch2_sb_errors_to_cpu(struct bch_fs *c)
|
static int bch2_sb_errors_to_cpu(struct bch_fs *c)
|
||||||
|
Loading…
Reference in New Issue
Block a user