korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-27 14:14:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

bcachefs: Fix use after free in check_root_trans()

Browse Source 
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
This commit is contained in:
Kent Overstreet 2024-03-26 18:46:38 -04:00
parent 83bb585390
commit dcc1c04587
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
fs/bcachefs/fsck.c
View File

@ -2098,17 +2098,21 @@ static int check_root_trans(struct btree_trans *trans)
if (mustfix_fsck_err_on(ret, c, root_subvol_missing,
"root subvol missing")) {
struct bkey_i_subvolume root_subvol;
struct bkey_i_subvolume *root_subvol =
bch2_trans_kmalloc(trans, sizeof(*root_subvol));
ret = PTR_ERR_OR_ZERO(root_subvol);
if (ret)
goto err;
snapshot = U32_MAX;
inum = BCACHEFS_ROOT_INO;
bkey_subvolume_init(&root_subvol.k_i);
root_subvol.k.p.offset = BCACHEFS_ROOT_SUBVOL;
root_subvol.v.flags = 0;
root_subvol.v.snapshot = cpu_to_le32(snapshot);
root_subvol.v.inode = cpu_to_le64(inum);
ret = bch2_btree_insert_trans(trans, BTREE_ID_subvolumes, &root_subvol.k_i, 0);
bkey_subvolume_init(&root_subvol->k_i);
root_subvol->k.p.offset = BCACHEFS_ROOT_SUBVOL;
root_subvol->v.flags = 0;
root_subvol->v.snapshot = cpu_to_le32(snapshot);
root_subvol->v.inode = cpu_to_le64(inum);
ret = bch2_btree_insert_trans(trans, BTREE_ID_subvolumes, &root_subvol->k_i, 0);
bch_err_msg(c, ret, "writing root subvol");
if (ret)
goto err;