diff options
| author | Kent Overstreet <kent.overstreet@linux.dev> | 2024-03-27 01:46:38 +0300 |
|---|---|---|
| committer | Kent Overstreet <kent.overstreet@linux.dev> | 2024-04-01 03:36:11 +0300 |
| commit | dcc1c04587aa9bc3515153f4c89cff73f2cb45b2 (patch) | |
| tree | f93b4e9c67a55782d5e8980ea31da6e5bd53ea6f /fs/bcachefs | |
| parent | 83bb58539045b15653b61c6e8eb65f3f9c671cdf (diff) | |
| download | linux-dcc1c04587aa9bc3515153f4c89cff73f2cb45b2.tar.xz | |
bcachefs: Fix use after free in check_root_trans()
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
Diffstat (limited to 'fs/bcachefs')
| -rw-r--r-- | fs/bcachefs/fsck.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/fs/bcachefs/fsck.c b/fs/bcachefs/fsck.c index 47d4eefaba7b..6d8367ab5ddd 100644 --- a/fs/bcachefs/fsck.c +++ b/fs/bcachefs/fsck.c @@ -2098,17 +2098,21 @@ static int check_root_trans(struct btree_trans *trans) if (mustfix_fsck_err_on(ret, c, root_subvol_missing, "root subvol missing")) { - struct bkey_i_subvolume root_subvol; + struct bkey_i_subvolume *root_subvol = + bch2_trans_kmalloc(trans, sizeof(*root_subvol)); + ret = PTR_ERR_OR_ZERO(root_subvol); + if (ret) + goto err; snapshot = U32_MAX; inum = BCACHEFS_ROOT_INO; - bkey_subvolume_init(&root_subvol.k_i); - root_subvol.k.p.offset = BCACHEFS_ROOT_SUBVOL; - root_subvol.v.flags = 0; - root_subvol.v.snapshot = cpu_to_le32(snapshot); - root_subvol.v.inode = cpu_to_le64(inum); - ret = bch2_btree_insert_trans(trans, BTREE_ID_subvolumes, &root_subvol.k_i, 0); + bkey_subvolume_init(&root_subvol->k_i); + root_subvol->k.p.offset = BCACHEFS_ROOT_SUBVOL; + root_subvol->v.flags = 0; + root_subvol->v.snapshot = cpu_to_le32(snapshot); + root_subvol->v.inode = cpu_to_le64(inum); + ret = bch2_btree_insert_trans(trans, BTREE_ID_subvolumes, &root_subvol->k_i, 0); bch_err_msg(c, ret, "writing root subvol"); if (ret) goto err; |