From 615fccada50247abbc61c6c0a0d9c717b3fb6290 Mon Sep 17 00:00:00 2001 From: Kent Overstreet Date: Sun, 16 Apr 2023 07:10:46 -0400 Subject: [PATCH] bcachefs: Fix a slab-out-of-bounds In __bch2_alloc_to_v4_mut(), we overrun the buffer we allocate if the alloc key had backpointers stored in it (which we no longer support). Fix this with a max() call. Signed-off-by: Kent Overstreet --- fs/bcachefs/alloc_background.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/bcachefs/alloc_background.c b/fs/bcachefs/alloc_background.c index 06032556d5c4..4032d1940884 100644 --- a/fs/bcachefs/alloc_background.c +++ b/fs/bcachefs/alloc_background.c @@ -479,7 +479,7 @@ __bch2_alloc_to_v4_mut(struct btree_trans *trans, struct bkey_s_c k) { struct bkey_i_alloc_v4 *ret; - ret = bch2_trans_kmalloc(trans, sizeof(struct bkey_i_alloc_v4)); + ret = bch2_trans_kmalloc(trans, max(bkey_bytes(k.k), sizeof(struct bkey_i_alloc_v4))); if (IS_ERR(ret)) return ret;