From e42951b0aa50bb67b29da1af1099013c1aeb1d9d Mon Sep 17 00:00:00 2001
From: Kent Overstreet <kent.overstreet@gmail.com>
Date: Wed, 21 Aug 2019 18:35:15 -0400
Subject: bcachefs: Fix bch2_sort_repack_merge()

bch2_bkey_normalize() modifies the value, and we were modifying the
original value in the src btree node - but, we're called without a write
lock held on the src node. Oops...

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
---
 fs/bcachefs/bkey_sort.c | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

(limited to 'fs/bcachefs/bkey_sort.c')

diff --git a/fs/bcachefs/bkey_sort.c b/fs/bcachefs/bkey_sort.c
index 9f5d9b4bf1c9..e32fad5a91ac 100644
--- a/fs/bcachefs/bkey_sort.c
+++ b/fs/bcachefs/bkey_sort.c
@@ -415,25 +415,22 @@ bch2_sort_repack_merge(struct bch_fs *c,
 		       struct bkey_format *out_f,
 		       bool filter_whiteouts)
 {
-	struct bkey_packed *prev = NULL, *k_packed, *next;
-	struct bkey k_unpacked;
+	struct bkey_packed *prev = NULL, *k_packed;
 	struct bkey_s k;
 	struct btree_nr_keys nr;
+	BKEY_PADDED(k) tmp;
 
 	memset(&nr, 0, sizeof(nr));
 
-	next = bch2_btree_node_iter_next_all(iter, src);
-	while ((k_packed = next)) {
-		/*
-		 * The filter might modify the size of @k's value, so advance
-		 * the iterator first:
-		 */
-		next = bch2_btree_node_iter_next_all(iter, src);
-
+	while ((k_packed = bch2_btree_node_iter_next_all(iter, src))) {
 		if (filter_whiteouts && bkey_whiteout(k_packed))
 			continue;
 
-		k = __bkey_disassemble(src, k_packed, &k_unpacked);
+		EBUG_ON(bkeyp_val_u64s(&src->format, k_packed) >
+			BKEY_EXTENT_VAL_U64s_MAX);
+
+		bch2_bkey_unpack(src, &tmp.k, k_packed);
+		k = bkey_i_to_s(&tmp.k);
 
 		if (filter_whiteouts &&
 		    bch2_bkey_normalize(c, k))
-- 
cgit v1.2.3