diff options
| author | Kent Overstreet <[email protected]> | 2023-10-26 17:00:36 -0400 |
|---|---|---|
| committer | Kent Overstreet <[email protected]> | 2023-11-01 21:11:07 -0400 |
| commit | e84843489c15bf9d39eec3a9a95870f98a71ac24 (patch) | |
| tree | b7455d729872ef95a438e9001b8dabb16d17c8cc | |
| parent | 5c1ab40e76dd873bfbfbe4df98ca3e08de31d30d (diff) | |
bcachefs: Fix a kasan splat in bch2_dev_add()
This fixes a use after free - mi is dangling after the resize call.
Additionally, resizing the device's member info section was useless - we
were attempting to preallocate the space required before adding it to
the filesystem superblock, but there's other sections that we should
have been preallocating as well for that to work.
Signed-off-by: Kent Overstreet <[email protected]>
| -rw-r--r-- | fs/bcachefs/super.c | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/fs/bcachefs/super.c b/fs/bcachefs/super.c index ce59018b27ac..835342b56003 100644 --- a/fs/bcachefs/super.c +++ b/fs/bcachefs/super.c @@ -1622,16 +1622,6 @@ int bch2_dev_add(struct bch_fs *c, const char *path) goto err_unlock; } - mi = bch2_sb_field_get(ca->disk_sb.sb, members_v2); - - if (!bch2_sb_field_resize(&ca->disk_sb, members_v2, - le32_to_cpu(mi->field.u64s) + - sizeof(dev_mi) / sizeof(u64))) { - ret = -BCH_ERR_ENOSPC_sb_members; - bch_err_msg(c, ret, "setting up new superblock"); - goto err_unlock; - } - if (dynamic_fault("bcachefs:add:no_slot")) goto no_slot; @@ -1645,6 +1635,8 @@ no_slot: have_slot: nr_devices = max_t(unsigned, dev_idx + 1, c->sb.nr_devices); + + mi = bch2_sb_field_get(c->disk_sb.sb, members_v2); u64s = DIV_ROUND_UP(sizeof(struct bch_sb_field_members_v2) + le16_to_cpu(mi->member_bytes) * nr_devices, sizeof(u64)); |