bcachefs: Hack around bch2_varint_decode invalid reads
authorKent Overstreet <kent.overstreet@gmail.com>
Wed, 11 Nov 2020 17:42:54 +0000 (12:42 -0500)
committerKent Overstreet <kent.overstreet@linux.dev>
Sun, 22 Oct 2023 21:08:46 +0000 (17:08 -0400)
bch2_varint_decode can do reads up to 7 bytes past the end ptr, for the
sake of performance - these extra bytes are always masked off.

This won't be a problem in practice if we make sure to burn 8 bytes in
any buffer that has bkeys in it.

Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
fs/bcachefs/btree_io.c
fs/bcachefs/btree_update_interior.h

index 0de703c5b4b79d981474d58586bf566a13a72cf9..302ee3851b0da0895dd92feedf3fd5e6afec8c3a 100644 (file)
@@ -1532,6 +1532,9 @@ void __bch2_btree_node_write(struct bch_fs *c, struct btree *b,
                seq = max(seq, le64_to_cpu(i->journal_seq));
        }
 
+       /* bch2_varint_decode may read up to 7 bytes past the end of the buffer: */
+       bytes += 8;
+
        data = btree_bounce_alloc(c, bytes, &used_mempool);
 
        if (!b->written) {
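Review bot: The literal `8` in `bytes += 8;` does not match the comment above it, which speaks of 7 bytes, and nothing ties it to the `used++` reserve added in btree_update_interior.h. A shared named constant would keep the two in step, e.g. `bytes += BCH_VARINT_SLACK_BYTES;` (the name is only a suggestion, defined as `sizeof(u64)`), with the comment reworded to `/* bch2_varint_decode may read up to 7 bytes past the end; pad by one u64 */`. `bytes` is also changed in place, so every later use of it in __bch2_btree_node_write, whose body continues outside the hunk, sees the padded size. It is worth confirming that none of those uses treats it as the length of key data to write out, since the slack bytes are not initialised in the visible lines.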
index 7668225e72c66b386aabdb8ab6778497094c27c7..41854fc345d2ba21fb830b424aaa97d94e209bad 100644 (file)
@@ -237,6 +237,9 @@ static inline ssize_t __bch_btree_u64s_remaining(struct bch_fs *c,
                b->whiteout_u64s;
        ssize_t total = c->opts.btree_node_size << 6;
 
+       /* Always leave one extra u64 for bch2_varint_decode: */
+       used++;
+
        return total - used;
 }
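Review bot: The `used++` reserve only protects nodes filled after this change; a node that was already packed to its last u64 presumably still has no slack after its final key, so the over-read described in the commit message could still run past the buffer there, and this function would now return -1 for it. The return type is `ssize_t`, so the negative value is representable, but the callers are outside the hunk and should be checked for comparing or storing the result as unsigned. I would also expand the comment to say why one u64 is enough: `/* bch2_varint_decode may read up to 7 bytes past the last key; keep one u64 (8 bytes) unused */`. The function's signature and the computation of `used` start above the hunk.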