diff options
| author | Darrick J. Wong <djwong@kernel.org> | 2021-09-01 11:15:41 -0700 |
|---|---|---|
| committer | Darrick J. Wong <djwong@kernel.org> | 2021-12-15 17:29:09 -0800 |
| commit | f1c4544389c16e36d0bb02e4341be1fbb37b0eeb (patch) | |
| tree | 861e5d2d6d3365c77aaee19aec100babf7772671 /fs/xfs | |
| parent | 0fcda6a7ffbfe2873beb118a0d7f7a312e7dc841 (diff) | |
xfs: fix a sloppy memory handling bug in xfs_iroot_realloc
While refactoring code, I noticed that when xfs_iroot_realloc tries to
shrink a bmbt root block, it allocates a smaller new block and then
copies "records" and pointers to the new block. However, bmbt root
blocks cannot ever be leaves, which means that it's not technically
correct to copy records. We /should/ be copying keys.
Note that this has never resulted in actual memory corruption because
sizeof(bmbt_rec) == (sizeof(bmbt_key) + sizeof(bmbt_ptr)). However,
this will no longer be true when we start adding realtime rmap stuff,
so fix this now.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Diffstat (limited to 'fs/xfs')
| -rw-r--r-- | fs/xfs/libxfs/xfs_inode_fork.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/fs/xfs/libxfs/xfs_inode_fork.c b/fs/xfs/libxfs/xfs_inode_fork.c index 345c307aed5d..a14a9284cecb 100644 --- a/fs/xfs/libxfs/xfs_inode_fork.c +++ b/fs/xfs/libxfs/xfs_inode_fork.c @@ -461,15 +461,15 @@ xfs_iroot_realloc( memcpy(new_broot, ifp->if_broot, xfs_bmbt_block_len(ip->i_mount)); /* - * Only copy the records and pointers if there are any. + * Only copy the keys and pointers if there are any. */ if (new_max > 0) { /* - * First copy the records. + * First copy the keys. */ - op = (char *)xfs_bmbt_rec_addr(mp, ifp->if_broot, 1); - np = (char *)xfs_bmbt_rec_addr(mp, new_broot, 1); - memcpy(np, op, new_max * (uint)sizeof(xfs_bmbt_rec_t)); + op = (char *)xfs_bmbt_key_addr(mp, ifp->if_broot, 1); + np = (char *)xfs_bmbt_key_addr(mp, new_broot, 1); + memcpy(np, op, new_max * (uint)sizeof(xfs_bmbt_key_t)); /* * Then copy the pointers. |