authorKent Overstreet <kent.overstreet@gmail.com>2021-07-30 14:33:06 -0400
committerKent Overstreet <kent.overstreet@linux.dev>2023-10-22 17:09:10 -0400
commit877da05ffb13c1a998070707e0d15df0167f9364 (patch)
tree9f6dfc0566672aa21bbf8c02d1d35fc32248e15f /fs/bcachefs/recovery.c
parent9cba7bf7c7edc6ae6579945588964b3b90e33258 (diff)
bcachefs: Zero out mem_ptr field in btree ptr keys from journal replay
This fixes a bad ptr deref on recovery from unclean shutdown in bch2_btree_node_get_noiter().

Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
Diffstat (limited to 'fs/bcachefs/recovery.c')
-rw-r--r--fs/bcachefs/recovery.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/fs/bcachefs/recovery.c b/fs/bcachefs/recovery.c
index 84e224fb0d01..afb72648fe54 100644
--- a/fs/bcachefs/recovery.c
+++ b/fs/bcachefs/recovery.c
@@ -39,6 +39,20 @@ static void drop_alloc_keys(struct journal_keys *keys)
keys->nr = dst;
}
+/*
+ * Btree node pointers have a field to stack a pointer to the in memory btree
+ * node; we need to zero out this field when reading in btree nodes, or when
+ * reading in keys from the journal:
+ */
+static void zero_out_btree_mem_ptr(struct journal_keys *keys)
+{
+ struct journal_key *i;
+
+ for (i = keys->d; i < keys->d + keys->nr; i++)
+ if (i->k->k.type == KEY_TYPE_btree_ptr_v2)
+ bkey_i_to_btree_ptr_v2(i->k)->v.mem_ptr = 0;
+}
+
/* iterate over keys read from the journal: */
static int __journal_key_cmp(enum btree_id l_btree_id,
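Review bot: The comment above zero_out_btree_mem_ptr() says which field is cleared but not why leaving it is unsafe, and "stack" reads like a typo for "stash". The value comes back from the journal, so it is at best a stale address from an earlier mount and at worst arbitrary bytes from a damaged image, and the commit message says it ended up dereferenced in bch2_btree_node_get_noiter(). I would word the comment as `Btree node pointers have a field to stash a pointer to the in-memory btree node; a value read from disk is never a valid address in this boot, so zero it when reading in btree nodes or keys from the journal.` The comment also mentions zeroing when reading in btree nodes, which this hunk does not show; naming the function that does it would let a reader check both paths.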
@@ -1072,6 +1086,8 @@ use_clean:
drop_alloc_keys(&c->journal_keys);
}
+ zero_out_btree_mem_ptr(&c->journal_keys);
+
ret = journal_replay_early(c, clean, &c->journal_entries);
if (ret)
goto err;
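Review bot: The new call only sanitises keys already in c->journal_keys when execution reaches this point after use_clean, so a key added to that array later in recovery would keep whatever mem_ptr it carries. The insertion paths are outside this hunk, so this is a question to confirm rather than a demonstrated gap. A short comment at the call site would also record the ordering requirement, for example `/* mem_ptr from disk is not a valid pointer: clear it before any lookup uses these keys */`. The enclosing function starts and ends outside the hunk.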