bcachefs: Hack around bch2_varint_decode invalid reads

bch2_varint_decode can do reads up to 7 bytes past the end ptr, for the sake of performance - these extra bytes are always masked off. This won't be a problem in practice if we make sure to burn 8 bytes in any buffer that has bkeys in it. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>

bcachefs: Hack around bch2_varint_decode invalid reads
bch2_varint_decode can do reads up to 7 bytes past the end ptr, for the sake of performance - these extra bytes are always masked off. This won't be a problem in practice if we make sure to burn 8 bytes in any buffer that has bkeys in it. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
6d9378f3 · Kent Overstreet · Kent Overstreet · e648448c · 6d9378f3 · 6d9378f3
Commit 6d9378f3 authored Nov 11, 2020 by Kent Overstreet Committed by Kent Overstreet Oct 22, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

fs/bcachefs/btree_io.c fs/bcachefs/btree_io.c +3 -0

fs/bcachefs/btree_update_interior.h fs/bcachefs/btree_update_interior.h +3 -0

No files found.
--- a/fs/bcachefs/btree_io.c
+++ b/fs/bcachefs/btree_io.c
@@ -1532,6 +1532,9 @@ void __bch2_btree_node_write(struct bch_fs *c, struct btree *b,
 		seq = max(seq, le64_to_cpu(i->journal_seq));
 	}
+	/* bch2_varint_decode may read up to 7 bytes past the end of the buffer: */
+	bytes += 8;
 	data = btree_bounce_alloc(c, bytes, &used_mempool);
 	if (!b->written) {

--- a/fs/bcachefs/btree_update_interior.h
+++ b/fs/bcachefs/btree_update_interior.h
@@ -237,6 +237,9 @@ static inline ssize_t __bch_btree_u64s_remaining(struct bch_fs *c,
 		b->whiteout_u64s;
 	ssize_t total = c->opts.btree_node_size << 6;
+	/* Always leave one extra u64 for bch2_varint_decode: */
+	used++;
 	return total - used;
 }