samsung_sm8750/android_kernel_samsung_sm8750
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

btrfs: fix iteration of extrefs during log replay

Browse Source 
[ Upstream commit 54a7081ed168b72a8a2d6ef4ba3a1259705a2926 ]

At __inode_add_ref() when processing extrefs, if we jump into the next
label we have an undefined value of victim_name.len, since we haven't
initialized it before we did the goto. This results in an invalid memory
access in the next iteration of the loop since victim_name.len was not
initialized to the length of the name of the current extref.

Fix this by initializing victim_name.len with the current extref's name
length.

Fixes: e43eec81c5 ("btrfs: use struct qstr instead of name and namelen pairs")
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Filipe Manana
2025-06-23 12:11:58 +01:00
committed by Greg Kroah-Hartman
parent 79b025ebc1
commit 2d11d274e2
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
fs/btrfs/tree-log.c
View File

@@ -1162,13 +1162,13 @@ again:
struct fscrypt_str victim_name; struct fscrypt_str victim_name;
extref = (struct btrfs_inode_extref *)(base + cur_offset); extref = (struct btrfs_inode_extref *)(base + cur_offset);
victim_name.len = btrfs_inode_extref_name_len(leaf, extref);
if (btrfs_inode_extref_parent(leaf, extref) != parent_objectid) if (btrfs_inode_extref_parent(leaf, extref) != parent_objectid)
goto next; goto next;
ret = read_alloc_one_name(leaf, &extref->name, ret = read_alloc_one_name(leaf, &extref->name,
btrfs_inode_extref_name_len(leaf, extref), victim_name.len, &victim_name);
&victim_name);
if (ret) if (ret)
return ret; return ret;