From: Kent Overstreet Date: Sun, 16 Apr 2023 11:10:46 +0000 (-0400) Subject: bcachefs: Fix a slab-out-of-bounds X-Git-Tag: io_uring-6.7-2023-11-10~119^2~356 X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=615fccada50247abbc61c6c0a0d9c717b3fb6290;p=linux-block.git bcachefs: Fix a slab-out-of-bounds In __bch2_alloc_to_v4_mut(), we overrun the buffer we allocate if the alloc key had backpointers stored in it (which we no longer support). Fix this with a max() call. Signed-off-by: Kent Overstreet --- diff --git a/fs/bcachefs/alloc_background.c b/fs/bcachefs/alloc_background.c index 06032556d5c4..4032d1940884 100644 --- a/fs/bcachefs/alloc_background.c +++ b/fs/bcachefs/alloc_background.c @@ -479,7 +479,7 @@ __bch2_alloc_to_v4_mut(struct btree_trans *trans, struct bkey_s_c k) { struct bkey_i_alloc_v4 *ret; - ret = bch2_trans_kmalloc(trans, sizeof(struct bkey_i_alloc_v4)); + ret = bch2_trans_kmalloc(trans, max(bkey_bytes(k.k), sizeof(struct bkey_i_alloc_v4))); if (IS_ERR(ret)) return ret;