mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-22 16:06:04 -05:00
bcachefs: Fix bch_member.btree_bitmap_shift validation
Needs to match the assert later when we resize... Reported-by: syzbot+e8eff054face85d7ea41@syzkaller.appspotmail.com Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
This commit is contained in:
parent
ca43f73cd1
commit
27a036a0c3
2 changed files with 8 additions and 2 deletions
|
@ -163,7 +163,7 @@ static int validate_member(struct printbuf *err,
|
||||||
return -BCH_ERR_invalid_sb_members;
|
return -BCH_ERR_invalid_sb_members;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (m.btree_bitmap_shift >= 64) {
|
if (m.btree_bitmap_shift >= BCH_MI_BTREE_BITMAP_SHIFT_MAX) {
|
||||||
prt_printf(err, "device %u: invalid btree_bitmap_shift %u", i, m.btree_bitmap_shift);
|
prt_printf(err, "device %u: invalid btree_bitmap_shift %u", i, m.btree_bitmap_shift);
|
||||||
return -BCH_ERR_invalid_sb_members;
|
return -BCH_ERR_invalid_sb_members;
|
||||||
}
|
}
|
||||||
|
@ -450,7 +450,7 @@ static void __bch2_dev_btree_bitmap_mark(struct bch_sb_field_members_v2 *mi, uns
|
||||||
m->btree_bitmap_shift += resize;
|
m->btree_bitmap_shift += resize;
|
||||||
}
|
}
|
||||||
|
|
||||||
BUG_ON(m->btree_bitmap_shift > 57);
|
BUG_ON(m->btree_bitmap_shift >= BCH_MI_BTREE_BITMAP_SHIFT_MAX);
|
||||||
BUG_ON(end > 64ULL << m->btree_bitmap_shift);
|
BUG_ON(end > 64ULL << m->btree_bitmap_shift);
|
||||||
|
|
||||||
for (unsigned bit = start >> m->btree_bitmap_shift;
|
for (unsigned bit = start >> m->btree_bitmap_shift;
|
||||||
|
|
|
@ -65,6 +65,12 @@ struct bch_member {
|
||||||
__le32 last_journal_bucket_offset;
|
__le32 last_journal_bucket_offset;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
* btree_allocated_bitmap can represent sector addresses of a u64: it itself has
|
||||||
|
* 64 elements, so 64 - ilog2(64)
|
||||||
|
*/
|
||||||
|
#define BCH_MI_BTREE_BITMAP_SHIFT_MAX 58
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This limit comes from the bucket_gens array - it's a single allocation, and
|
* This limit comes from the bucket_gens array - it's a single allocation, and
|
||||||
* kernel allocation are limited to INT_MAX
|
* kernel allocation are limited to INT_MAX
|
||||||
|
|
Loading…
Reference in a new issue