Patch "btrfs: reset destination buffer when read_extent_buffer() gets invalid range" has been added to the 6.1-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    btrfs: reset destination buffer when read_extent_buffer() gets invalid range

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     btrfs-reset-destination-buffer-when-read_extent_buff.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 422f46a4b636d2a2964b4919e8b1b8bc5be1e319
Author: Qu Wenruo <wqu@xxxxxxxx>
Date:   Tue Sep 19 11:44:42 2023 +0930

    btrfs: reset destination buffer when read_extent_buffer() gets invalid range
    
    [ Upstream commit 74ee79142c0a344d4eae2eb7012ebc4e82254109 ]
    
    Commit f98b6215d7d1 ("btrfs: extent_io: do extra check for extent buffer
    read write functions") changed how we handle invalid extent buffer range
    for read_extent_buffer().
    
    Previously if the range is invalid we just set the destination to zero,
    but after the patch we do nothing and error out.
    
    This can lead to smatch static checker errors like:
    
      fs/btrfs/print-tree.c:186 print_uuid_item() error: uninitialized symbol 'subvol_id'.
      fs/btrfs/tests/extent-io-tests.c:338 check_eb_bitmap() error: uninitialized symbol 'has'.
      fs/btrfs/tests/extent-io-tests.c:353 check_eb_bitmap() error: uninitialized symbol 'has'.
      fs/btrfs/uuid-tree.c:203 btrfs_uuid_tree_remove() error: uninitialized symbol 'read_subid'.
      fs/btrfs/uuid-tree.c:353 btrfs_uuid_tree_iterate() error: uninitialized symbol 'subid_le'.
      fs/btrfs/uuid-tree.c:72 btrfs_uuid_tree_lookup() error: uninitialized symbol 'data'.
      fs/btrfs/volumes.c:7415 btrfs_dev_stats_value() error: uninitialized symbol 'val'.
    
    Fix those warnings by reverting back to the old memset() behavior.
    By this we keep the static checker happy and would still make a lot of
    noise when such invalid ranges are passed in.
    
    Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
    Fixes: f98b6215d7d1 ("btrfs: extent_io: do extra check for extent buffer read write functions")
    Signed-off-by: Qu Wenruo <wqu@xxxxxxxx>
    Signed-off-by: David Sterba <dsterba@xxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 0ad69041954ff..afcc96a1f4276 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -5184,8 +5184,14 @@ void read_extent_buffer(const struct extent_buffer *eb, void *dstv,
 	char *dst = (char *)dstv;
 	unsigned long i = get_eb_page_index(start);
 
-	if (check_eb_range(eb, start, len))
+	if (check_eb_range(eb, start, len)) {
+		/*
+		 * Invalid range hit, reset the memory, so callers won't get
+		 * some random garbage for their uninitialzed memory.
+		 */
+		memset(dstv, 0, len);
 		return;
+	}
 
 	offset = get_eb_offset_in_page(eb, start);
 



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux