diff options
| author | Kent Overstreet <kent.overstreet@linux.dev> | 2023-04-16 14:10:46 +0300 |
|---|---|---|
| committer | Kent Overstreet <kent.overstreet@linux.dev> | 2023-10-23 00:10:00 +0300 |
| commit | 615fccada50247abbc61c6c0a0d9c717b3fb6290 (patch) | |
| tree | 68558aa242722f3eec272563970dd62e5806d906 /fs/bcachefs/alloc_background.c | |
| parent | 853b7393c20d5e129f2b16719102a05bbb5dc36f (diff) | |
| download | linux-615fccada50247abbc61c6c0a0d9c717b3fb6290.tar.xz | |
bcachefs: Fix a slab-out-of-bounds
In __bch2_alloc_to_v4_mut(), we overrun the buffer we allocate if the
alloc key had backpointers stored in it (which we no longer support).
Fix this with a max() call.
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
Diffstat (limited to 'fs/bcachefs/alloc_background.c')
| -rw-r--r-- | fs/bcachefs/alloc_background.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/bcachefs/alloc_background.c b/fs/bcachefs/alloc_background.c index 06032556d5c4..4032d1940884 100644 --- a/fs/bcachefs/alloc_background.c +++ b/fs/bcachefs/alloc_background.c @@ -479,7 +479,7 @@ __bch2_alloc_to_v4_mut(struct btree_trans *trans, struct bkey_s_c k) { struct bkey_i_alloc_v4 *ret; - ret = bch2_trans_kmalloc(trans, sizeof(struct bkey_i_alloc_v4)); + ret = bch2_trans_kmalloc(trans, max(bkey_bytes(k.k), sizeof(struct bkey_i_alloc_v4))); if (IS_ERR(ret)) return ret; |