diff options
| author |   Dan Robertson <dan@dlrobertson.com> | 2021-05-07 22:29:02 -0400 |
|---|---|---|
| committer |   Kent Overstreet <kent.overstreet@linux.dev> | 2023-10-22 17:09:03 -0400 |
| commit | 5bc38f44fa8e938044bb3b69c8881f3682fe97f6 (patch) | |
| tree | f5d432f629e34b444fa4779dd48cb5c7032668b3 | |
| parent | bcachefs: Fix usage of last_seq + encryption (diff) | |
| download | wireguard-linux-5bc38f44fa8e938044bb3b69c8881f3682fe97f6.tar.xz wireguard-linux-5bc38f44fa8e938044bb3b69c8881f3682fe97f6.zip | |
bcachefs: Fix oob write in __bch2_btree_node_write
Fix a possible out of bounds write in __bch2_btree_node_write when
the data buffer padding is cleared up to the block size. The out of
bounds write is possible if the data buffers size is not a multiple
of the block size.
Signed-off-by: Dan Robertson <dan@dlrobertson.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
| -rw-r--r-- | fs/bcachefs/btree_io.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/bcachefs/btree_io.c b/fs/bcachefs/btree_io.c index 389524ce1fb6..dbaa05ac764c 100644 --- a/fs/bcachefs/btree_io.c +++ b/fs/bcachefs/btree_io.c @@ -1500,6 +1500,9 @@ void __bch2_btree_node_write(struct bch_fs *c, struct btree *b) /* bch2_varint_decode may read up to 7 bytes past the end of the buffer: */ bytes += 8; + /* buffer must be a multiple of the block size */ + bytes = round_up(bytes, block_bytes(c)); + data = btree_bounce_alloc(c, bytes, &used_mempool); if (!b->written) { |