From 70d61a7036c8d046889a4bf4eda504a6a56b2642 Mon Sep 17 00:00:00 2001 From: Kent Overstreet Date: Mon, 18 Oct 2021 11:32:06 -0400 Subject: bcachefs: Zero out reflink_p val in bch2_make_extent_indirect() This bug was only discovered when we started using the 2nd word in the val, which should have been zeroed out as those fields had never been used before - ouch. Signed-off-by: Kent Overstreet --- fs/bcachefs/reflink.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'fs/bcachefs/reflink.c') diff --git a/fs/bcachefs/reflink.c b/fs/bcachefs/reflink.c index 92ff609453b8..c63c95fc49b1 100644 --- a/fs/bcachefs/reflink.c +++ b/fs/bcachefs/reflink.c @@ -166,9 +166,15 @@ static int bch2_make_extent_indirect(struct btree_trans *trans, if (ret) goto err; + /* + * orig is in a bkey_buf which statically allocates 5 64s for the val, + * so we know it will be big enough: + */ orig->k.type = KEY_TYPE_reflink_p; r_p = bkey_i_to_reflink_p(orig); set_bkey_val_bytes(&r_p->k, sizeof(r_p->v)); + memset(&r_p->v, 0, sizeof(r_p->v)); + r_p->v.idx = cpu_to_le64(bkey_start_offset(&r_v->k)); ret = bch2_trans_update(trans, extent_iter, &r_p->k_i, 0); -- cgit v1.2.3
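Review bot: The new comment above `orig->k.type = KEY_TYPE_reflink_p;` states the size invariant that the `set_bkey_val_bytes()`/`memset()` pair depends on — that `orig` lives in a bkey_buf whose static storage can hold the whole reflink_p val — but nothing enforces it, so if that on-stack array ever shrinks or a caller passes an `orig` that is not a bkey_buf, both calls write past the key with no diagnostic. Since the bound is static, the comment can be made an enforced check next to it, e.g. `BUILD_BUG_ON(sizeof(r_p->v) > sizeof(((struct bkey_buf *)0)->onstack));` with the member name matched to the actual bkey_buf definition (not visible in this hunk). The zeroing itself is worth keeping even apart from the 2nd-word bug: the val is persisted, so any bytes not explicitly set would otherwise carry stale stack contents to disk, and placing the `memset()` before the `idx` store is the right order. `bch2_make_extent_indirect()` starts before the hunk and continues after it, so the type of `orig` is taken from the comment rather than from visible code.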