Commit 877da05f authored by Kent Overstreet's avatar Kent Overstreet Committed by Kent Overstreet

bcachefs: Zero out mem_ptr field in btree ptr keys from journal replay

This fixes a bad ptr deref on recovery from unclean shutdown in
bch2_btree_node_get_noiter().
Signed-off-by: default avatarKent Overstreet <kent.overstreet@gmail.com>
parent 9cba7bf7
...@@ -39,6 +39,20 @@ static void drop_alloc_keys(struct journal_keys *keys) ...@@ -39,6 +39,20 @@ static void drop_alloc_keys(struct journal_keys *keys)
keys->nr = dst; keys->nr = dst;
} }
/*
* Btree node pointers have a field to stack a pointer to the in memory btree
* node; we need to zero out this field when reading in btree nodes, or when
* reading in keys from the journal:
*/
static void zero_out_btree_mem_ptr(struct journal_keys *keys)
{
struct journal_key *i;
for (i = keys->d; i < keys->d + keys->nr; i++)
if (i->k->k.type == KEY_TYPE_btree_ptr_v2)
bkey_i_to_btree_ptr_v2(i->k)->v.mem_ptr = 0;
}
/* iterate over keys read from the journal: */ /* iterate over keys read from the journal: */
static int __journal_key_cmp(enum btree_id l_btree_id, static int __journal_key_cmp(enum btree_id l_btree_id,
...@@ -1072,6 +1086,8 @@ int bch2_fs_recovery(struct bch_fs *c) ...@@ -1072,6 +1086,8 @@ int bch2_fs_recovery(struct bch_fs *c)
drop_alloc_keys(&c->journal_keys); drop_alloc_keys(&c->journal_keys);
} }
zero_out_btree_mem_ptr(&c->journal_keys);
ret = journal_replay_early(c, clean, &c->journal_entries); ret = journal_replay_early(c, clean, &c->journal_entries);
if (ret) if (ret)
goto err; goto err;
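Review bot: The header comment on zero_out_btree_mem_ptr says the field is cleared "when reading in btree nodes, or when reading in keys from the journal", but the function only walks journal_keys and only matches KEY_TYPE_btree_ptr_v2, so a reader of this hunk cannot tell where the node-read path is handled or whether the older btree_ptr type carries the field at all; I would state that explicitly, e.g. `/* Only btree_ptr_v2 carries mem_ptr; the node-read path is handled separately in <node-read function, fill in> */`. It is also worth saying why the zeroing matters: mem_ptr is an in-memory pointer that was stacked into a key and then persisted through the journal, so on replay it is stale at best and must be treated as untrusted on-disk data that nothing may dereference, which is the bad ptr deref the commit message describes. The call being placed before journal_replay_early in bch2_fs_recovery, as the second hunk does, is what guarantees the keys are clean before any replay code walks them, so a one-line comment at that call site (`/* journal keys still carry stale mem_ptr values; clear them before anything replays them */`) would keep a later reorder from silently reintroducing the deref. bch2_fs_recovery starts and ends outside the hunk.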