summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSlava Pestov <sp@daterainc.com>2015-02-01 00:27:50 -0800
committerKent Overstreet <kmo@daterainc.com>2015-02-12 23:43:31 -0800
commit62743d00d3a0e9482bda4ac1cf34922c2e3431f6 (patch)
treef50249994441be993c7e61357a3adb814f0872d0
parentf4dacb76cc5fc5d9a49f0e23c00f33a5b48dffd1 (diff)
bcache: add BUG_ONs for suspected memory scribble around btree_node_iter_next_all()
Issue DAT-1868 Change-Id: Ie34228c1425e88ba20feb7a959e89562b020b140
-rw-r--r--drivers/md/bcache/bset.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c
index 8ebbae276941..bf78c620d6a8 100644
--- a/drivers/md/bcache/bset.c
+++ b/drivers/md/bcache/bset.c
@@ -98,6 +98,8 @@ void bch_btree_node_iter_verify(struct btree_keys *b,
struct btree_node_iter_set *set;
struct bset_tree *t;
+ BUG_ON(iter->used > MAX_BSETS);
+
for (set = iter->data;
set < iter->data + iter->used;
set++) {
@@ -627,6 +629,8 @@ static struct bkey *bch_btree_node_insert_pos(struct btree_keys *b,
{
struct btree_node_iter_set *set;
+ BUG_ON(iter->used > MAX_BSETS);
+
for (set = iter->data;
set < iter->data + iter->used;
set++)
@@ -648,6 +652,8 @@ static void bch_btree_node_iter_fix(struct btree_node_iter *iter,
struct btree_node_iter_set *set;
u64 n = where->u64s;
+ BUG_ON(iter->used > MAX_BSETS);
+
for (set = iter->data;
set < iter->data + iter->used;
set++)
@@ -1030,6 +1036,7 @@ void bch_btree_node_iter_push(struct btree_node_iter *iter,
i++)
;
+ BUG_ON(iter->used >= iter->size);
memmove(&iter->data[i + 1],
&iter->data[i],
(iter->used - i) * sizeof(struct btree_node_iter_set));
@@ -1084,6 +1091,8 @@ static inline void btree_node_iter_sift(struct btree_node_iter *iter, unsigned s
{
unsigned i;
+ BUG_ON(iter->used > MAX_BSETS);
+
for (i = start;
i + 1 < iter->used &&
btree_node_iter_cmp(iter, iter->data[i], iter->data[i + 1]);
@@ -1095,6 +1104,8 @@ void bch_btree_node_iter_sort(struct btree_node_iter *iter)
{
int i;
+ BUG_ON(iter->used > MAX_BSETS);
+
for (i = iter->used - 1; i >= 0; --i)
btree_node_iter_sift(iter, i);
}
@@ -1112,8 +1123,10 @@ void bch_btree_node_iter_advance(struct btree_node_iter *iter)
BUG_ON(iter->data->k > iter->data->end);
- if (iter->data->k == iter->data->end)
+ if (iter->data->k == iter->data->end) {
+ BUG_ON(iter->used == 0);
iter->data[0] = iter->data[--iter->used];
+ }
btree_node_iter_sift(iter, 0);
}