Commit 27a036a0 authored Nov 07, 2024 by Kent Overstreet

bcachefs: Fix bch_member.btree_bitmap_shift validation



Needs to match the assert later when we resize...

Reported-by:  <syzbot+e8eff054face85d7ea41@syzkaller.appspotmail.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>

parent ca43f73c

fs/bcachefs/sb-members.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -163,7 +163,7 @@ static int validate_member(struct printbuf *err,
		return -BCH_ERR_invalid_sb_members;
		}

		if (m.btree_bitmap_shift >= 64) {
		if (m.btree_bitmap_shift >= BCH_MI_BTREE_BITMAP_SHIFT_MAX) {
		prt_printf(err, "device %u: invalid btree_bitmap_shift %u", i, m.btree_bitmap_shift);
		return -BCH_ERR_invalid_sb_members;
		}
		@@ -450,7 +450,7 @@ static void __bch2_dev_btree_bitmap_mark(struct bch_sb_field_members_v2 *mi, uns
		m->btree_bitmap_shift += resize;
		}

		BUG_ON(m->btree_bitmap_shift > 57);
		BUG_ON(m->btree_bitmap_shift >= BCH_MI_BTREE_BITMAP_SHIFT_MAX);
		BUG_ON(end > 64ULL << m->btree_bitmap_shift);

		for (unsigned bit = start >> m->btree_bitmap_shift;

fs/bcachefs/sb-members_format.h

+6 −0

Original line number	Diff line number	Diff line
		@@ -65,6 +65,12 @@ struct bch_member {
		__le32 last_journal_bucket_offset;
		};

		/*
		* btree_allocated_bitmap can represent sector addresses of a u64: it itself has
		* 64 elements, so 64 - ilog2(64)
		*/
		#define BCH_MI_BTREE_BITMAP_SHIFT_MAX 58

		/*
		* This limit comes from the bucket_gens array - it's a single allocation, and
		* kernel allocation are limited to INT_MAX