xfs: fix a sloppy memory handling bug in xfs_iroot_realloc

From: "Darrick J. Wong" <djwong@xxxxxxxxxx>

commit de55149b6639e903c4d06eb0474ab2c05060e61d upstream.

While refactoring code, I noticed that when xfs_iroot_realloc tries to
shrink a bmbt root block, it allocates a smaller new block and then
copies "records" and pointers to the new block.  However, bmbt root
blocks cannot ever be leaves, which means that it's not technically
correct to copy records.  We /should/ be copying keys.

Note that this has never resulted in actual memory corruption because
sizeof(bmbt_rec) == (sizeof(bmbt_key) + sizeof(bmbt_ptr)).  However,
this will no longer be true when we start adding realtime rmap stuff,
so fix this now.

Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx>
Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Catherine Hoang <catherine.hoang@xxxxxxxxxx>
Acked-by: Darrick J. Wong <djwong@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/xfs/libxfs/xfs_inode_fork.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

--- a/fs/xfs/libxfs/xfs_inode_fork.c
+++ b/fs/xfs/libxfs/xfs_inode_fork.c
@@ -449,15 +449,15 @@ xfs_iroot_realloc(
 	}
 
 	/*
-	 * Only copy the records and pointers if there are any.
+	 * Only copy the keys and pointers if there are any.
 	 */
 	if (new_max > 0) {
 		/*
-		 * First copy the records.
+		 * First copy the keys.
 		 */
-		op = (char *)XFS_BMBT_REC_ADDR(mp, ifp->if_broot, 1);
-		np = (char *)XFS_BMBT_REC_ADDR(mp, new_broot, 1);
-		memcpy(np, op, new_max * (uint)sizeof(xfs_bmbt_rec_t));
+		op = (char *)XFS_BMBT_KEY_ADDR(mp, ifp->if_broot, 1);
+		np = (char *)XFS_BMBT_KEY_ADDR(mp, new_broot, 1);
+		memcpy(np, op, new_max * (uint)sizeof(xfs_bmbt_key_t));
 
 		/*
 		 * Then copy the pointers.
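Review bot: the correctness of switching from XFS_BMBT_REC_ADDR/sizeof(xfs_bmbt_rec_t) to XFS_BMBT_KEY_ADDR/sizeof(xfs_bmbt_key_t) rests on the invariant stated in the commit message, that a bmbt root block is never a leaf, but nothing in this hunk checks it; consider an ASSERT on the root block's level (non-zero) just before the `if (new_max > 0)` copy so a future caller that violates the invariant trips in debug builds rather than silently copying the wrong array. Since the key copy is now `new_max * sizeof(xfs_bmbt_key_t)` bytes instead of `new_max * sizeof(xfs_bmbt_rec_t)`, the "Then copy the pointers" step that follows (outside the hunk) must compute the pointer offsets from the new block's own size so that the key and pointer regions in new_broot line up; this is worth stating in the commit message, which currently only explains why the old code did not corrupt memory.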


Patches currently in stable-queue which might be from catherine.hoang@xxxxxxxxxx are

queue-6.6/xfs-return-bool-from-xfs_attr3_leaf_add.patch
queue-6.6/xfs-fix-a-sloppy-memory-handling-bug-in-xfs_iroot_realloc.patch
queue-6.6/xfs-streamline-xfs_filestream_pick_ag.patch
queue-6.6/xfs-merge-xfs_attr_leaf_try_add-into-xfs_attr_leaf_addname.patch
queue-6.6/xfs-don-t-free-cowblocks-from-under-dirty-pagecache-on-unshare.patch
queue-6.6/xfs-pass-the-exact-range-to-initialize-to-xfs_initialize_perag.patch
queue-6.6/xfs-assert-a-valid-limit-in-xfs_rtfind_forw.patch
queue-6.6/xfs-don-t-use-__gfp_retry_mayfail-in-xfs_initialize_perag.patch
queue-6.6/xfs-use-try_cmpxchg-in-xlog_cil_insert_pcp_aggregate.patch
queue-6.6/xfs-don-t-ifdef-around-the-exact-minlen-allocations.patch
queue-6.6/xfs-reduce-unnecessary-searches-when-searching-for-the-best-extents.patch
queue-6.6/xfs-validate-inumber-in-xfs_iget.patch
queue-6.6/xfs-support-lowmode-allocations-in-xfs_bmap_exact_minlen_extent_alloc.patch
queue-6.6/xfs-skip-background-cowblock-trims-on-inodes-open-for-write.patch
queue-6.6/xfs-remove-empty-declartion-in-header-file.patch
queue-6.6/xfs-fold-xfs_bmap_alloc_userdata-into-xfs_bmapi_allocate.patch
queue-6.6/xfs-update-the-file-system-geometry-after-recoverying-superblock-buffers.patch
queue-6.6/xfs-call-xfs_bmap_exact_minlen_extent_alloc-from-xfs_bmap_btalloc.patch
queue-6.6/xfs-distinguish-extra-split-from-real-enospc-from-xfs_attr_node_try_addname.patch
queue-6.6/xfs-error-out-when-a-superblock-buffer-update-reduces-the-agcount.patch
queue-6.6/xfs-update-the-pag-for-the-last-ag-at-recovery-time.patch
queue-6.6/xfs-check-for-delayed-allocations-before-setting-extsize.patch
queue-6.6/xfs-fix-a-typo.patch
queue-6.6/xfs-distinguish-extra-split-from-real-enospc-from-xfs_attr3_leaf_split.patch
