Commit 9242a34b authored by Kent Overstreet

bcachefs: Fix sb-downgrade validation

Superblock downgrade entries are only two byte aligned, but section
sizes are 8 byte aligned, which means we have to be careful about
overrun checks; an entry that crosses the end of the section is allowed
(and ignored) as long as it has zero errors.
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
parent d509cadc
...@@ -146,10 +146,17 @@ static int bch2_sb_downgrade_validate(struct bch_sb *sb, struct bch_sb_field *f, ...@@ -146,10 +146,17 @@ static int bch2_sb_downgrade_validate(struct bch_sb *sb, struct bch_sb_field *f,
for (const struct bch_sb_field_downgrade_entry *i = e->entries; for (const struct bch_sb_field_downgrade_entry *i = e->entries;
(void *) i < vstruct_end(&e->field); (void *) i < vstruct_end(&e->field);
i = downgrade_entry_next_c(i)) { i = downgrade_entry_next_c(i)) {
/*
* Careful: sb_field_downgrade_entry is only 2 byte aligned, but
* section sizes are 8 byte aligned - an empty entry spanning
* the end of the section is allowed (and ignored):
*/
if ((void *) &i->errors[0] > vstruct_end(&e->field))
break;
if (flags & BCH_VALIDATE_write && if (flags & BCH_VALIDATE_write &&
((void *) &i->errors[0] > vstruct_end(&e->field) || (void *) downgrade_entry_next_c(i) > vstruct_end(&e->field)) {
(void *) downgrade_entry_next_c(i) > vstruct_end(&e->field))) { prt_printf(err, "downgrade entry overruns end of superblock section");
prt_printf(err, "downgrade entry overruns end of superblock section)");
return -BCH_ERR_invalid_sb_downgrade; return -BCH_ERR_invalid_sb_downgrade;
} }
......
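Review bot: The overrun rejection in the second `if` is still gated on `flags & BCH_VALIDATE_write`, so on any other validation path an entry whose header fits but whose `errors[]` array runs past `vstruct_end(&e->field)` is not rejected by these lines. If that path covers superblocks read from disk (the flag name suggests it, but the callers are not visible here), every consumer that walks an entry's `errors[]` has to bound itself against the section end, since the on-disk error count cannot be trusted. Either document why the check is write-only, e.g. `/* read path tolerates overlong entries already on disk; readers must clamp to vstruct_end() */`, or drop the `flags & BCH_VALIDATE_write &&` term so the entry is rejected on every path. Separately, the new comment and the commit message describe the tolerated trailing entry as empty, but the `break` fires before the error count can be read and so never checks it; wording like `a partial entry header past the end of the section is padding and is ignored` would match the code. The loop body continues outside the hunk, so later uses of `i` are not reviewed here.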