projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 757601e) | patch
bcachefs: Fix downgrade_table_extra()
authorKent Overstreet <kent.overstreet@linux.dev>
Sun, 8 Jun 2025 15:58:59 +0000 (11:58 -0400)
committerKent Overstreet <kent.overstreet@linux.dev>
Thu, 12 Jun 2025 03:21:30 +0000 (23:21 -0400)
commit082c74411491f8b0d31465fc104b8342e66c4056
tree9719aaa2f4a1807e6891e6aa9ade1440180ff9bftree
parent757601ef853359fe2d57d75c00b5045f62efc608commit | diff
bcachefs: Fix downgrade_table_extra()

Fix a UAF: we were calling darray_make_room() and retaining a pointer to
the old buffer.

And fix an UBSAN warning: struct bch_sb_field_downgrade_entry uses
__counted_by, so set dst->nr_errors before assigning to the array entry.

Reported-by: syzbot+14c52d86ddbd89bea13e@syzkaller.appspotmail.com
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
fs/bcachefs/sb-downgrade.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)