diff options
| author | Filipe Manana <fdmanana@suse.com> | 2023-01-12 17:17:20 +0300 |
|---|---|---|
| committer | David Sterba <dsterba@suse.com> | 2023-01-16 21:46:38 +0300 |
| commit | 1f55ee6d0901d915801618bda0af4e5b937e3db7 (patch) | |
| tree | 5b586ab7e4951c99b0d65173ac3df49d856e68fc /fs/xfs/xfs_acl.c | |
| parent | 26ecf243e407be54807ad67210f7e83b9fad71ea (diff) | |
| download | linux-1f55ee6d0901d915801618bda0af4e5b937e3db7.tar.xz | |
btrfs: fix invalid leaf access due to inline extent during lseek
During lseek, for SEEK_DATA and SEEK_HOLE modes, we access the disk_bytenr
of an extent without checking its type. However inline extents have their
data starting the offset of the disk_bytenr field, so accessing that field
when we have an inline extent can result in either of the following:
1) Interpret the inline extent's data as a disk_bytenr value;
2) In case the inline data is less than 8 bytes, we access part of some
other item in the leaf, or unused space in the leaf;
3) In case the inline data is less than 8 bytes and the extent item is
the first item in the leaf, we can access beyond the leaf's limit.
So fix this by not accessing the disk_bytenr field if we have an inline
extent.
Fixes: b6e833567ea1 ("btrfs: make hole and data seeking a lot more efficient")
Reported-by: Matthias Schoepfer <matthias.schoepfer@googlemail.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216908
Link: https://lore.kernel.org/linux-btrfs/7f25442f-b121-2a3a-5a3d-22bcaae83cd4@leemhuis.info/
CC: stable@vger.kernel.org # 6.1
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'fs/xfs/xfs_acl.c')
0 files changed, 0 insertions, 0 deletions