From e3b4b48c17a0f749f2786e756714a56316a519b3 Mon Sep 17 00:00:00 2001
From: Kent Overstreet
Date: Sat, 24 Apr 2021 22:33:25 -0400
Subject: [PATCH] bcachefs: Fix a null ptr deref

Fix a few memory safety issues, found by asan in userspace.

Signed-off-by: Kent Overstreet
Signed-off-by: Kent Overstreet
---
 fs/bcachefs/fsck.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/fs/bcachefs/fsck.c b/fs/bcachefs/fsck.c
index 1ce038846476..b867576b3ffd 100644
--- a/fs/bcachefs/fsck.c
+++ b/fs/bcachefs/fsck.c
@@ -290,21 +290,24 @@ static int hash_redo_key(struct btree_trans *trans,
 struct bch_hash_info *hash_info,
 struct btree_iter *k_iter, struct bkey_s_c k)
 {
- struct bkey_i delete;
+ struct bkey_i *delete;
 struct bkey_i *tmp;
+ delete = bch2_trans_kmalloc(trans, sizeof(*delete));
+ if (IS_ERR(delete))
+ return PTR_ERR(delete);
+
 tmp = bch2_trans_kmalloc(trans, bkey_bytes(k.k));
 if (IS_ERR(tmp))
 return PTR_ERR(tmp);
 bkey_reassemble(tmp, k);
- bkey_init(&delete.k);
- delete.k.p = k_iter->pos;
- bch2_trans_update(trans, k_iter, &delete, 0);
+ bkey_init(&delete->k);
+ delete->k.p = k_iter->pos;
+ bch2_trans_update(trans, k_iter, delete, 0);
- return bch2_hash_set(trans, desc, hash_info, k_iter->pos.inode,
- tmp, 0);
+ return bch2_hash_set(trans, desc, hash_info, k_iter->pos.inode, tmp, 0);
 }
 static int fsck_hash_delete_at(struct btree_trans *trans,
@@ -377,9 +380,8 @@ static int hash_check_key(struct btree_trans *trans,
 return ret;
 bad_hash:
 if (fsck_err(c, "hash table key at wrong offset: btree %u inode %llu offset %llu, "
- "hashed to %llu should be at %llu\n%s",
- desc.btree_id, hash_k.k->p.inode, hash_k.k->p.offset,
- hash, iter->pos.offset,
+ "hashed to %llu\n%s",
+ desc.btree_id, hash_k.k->p.inode, hash_k.k->p.offset, hash,
 (bch2_bkey_val_to_text(&PBUF(buf), c, hash_k), buf)) == FSCK_ERR_IGNORE)
 return 0;
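Review bot: In hash_redo_key, nothing records why `delete` has to come from `bch2_trans_kmalloc()` rather than the stack, so the fix is easy to undo in a later cleanup. The old code handed the address of a local to `bch2_trans_update()`, which presumably keeps that pointer until the transaction commits, after this function has returned; a comment above the allocation such as `/* must outlive this function: the update holds the pointer until commit */` would pin that down, once the lifetime is confirmed against bch2_trans_update. Separately, the result of `bch2_trans_update(trans, k_iter, delete, 0);` is discarded, so if that call can fail its error should be returned before `bch2_hash_set()` runs. The function's signature begins above the hunk.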
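Review bot: In hash_check_key's `bad_hash` path, no comment says that `iter` must not be dereferenced when building the message, although dropping `iter->pos.offset` is presumably the null pointer dereference the subject line refers to. A line above the `fsck_err()` call such as `/* iter may not be valid on this path; report only hash_k and hash */` would keep the "should be at" field from being added back later. The new format string and its arguments do line up (`%u`, three `%llu`, `%s`), assuming `hash` is a 64-bit value. The function body starts and ends outside the hunk, so where `iter` becomes unusable is not visible here.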