[U-Boot] [PATCH] fs: btrfs: Fix tree traversal with btrfs_next_slot()
Yevgeny Popovych
yevgenyp at pointgrab.com
Mon Oct 1 05:50:11 UTC 2018
Just a kind reminder :)
On 09/07/2018 12:59 PM, Yevgeny Popovych wrote:
> When traversing slots in a btree (via btrfs_path) with btrfs_next_slot(),
> we didn't correctly identify that the last slot in the leaf was reached
> and we should jump to the next leaf.
>
> This could lead to any kind of runtime errors or corruptions, like:
> * file data not being read at all, or is read partially
> * file is read but is corrupted
> * (any) metadata being corrupted or not read at all, etc
>
> The easiest way to reproduce this is to read a large enough file that
> its EXTENT_DATA items don't fit into a single leaf.
>
> Signed-off-by: Yevgeny Popovych <yevgenyp at pointgrab.com>
> Cc: Marek Behun <marek.behun at nic.cz>
> ---
> fs/btrfs/ctree.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
> index 4da36a9..b44a47e 100644
> --- a/fs/btrfs/ctree.c
> +++ b/fs/btrfs/ctree.c
> @@ -270,7 +270,7 @@ int btrfs_next_slot(struct btrfs_path *p)
> {
> struct btrfs_leaf *leaf = &p->nodes[0]->leaf;
>
> - if (p->slots[0] >= leaf->header.nritems)
> + if (p->slots[0] + 1 >= leaf->header.nritems)
> return jump_leaf(p, 1);
>
> p->slots[0]++;
>
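Review bot: the changed test `if (p->slots[0] + 1 >= leaf->header.nritems)` should carry a one-line comment stating the invariant it enforces: whenever the function takes the `p->slots[0]++` path, the resulting slot is still below `nritems`. With the old test the increment could leave `slots[0]` equal to `nritems`, so the caller's next item access would land one past the last valid item in the leaf, which matches the partial and corrupted reads listed in the commit message. Because the whole fix is a single `+ 1`, a regression test that reads a file whose EXTENT_DATA items span more than one leaf (the reproducer named in the message) would help keep it from being lost in a later refactor.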
--
Sincerely,
Yevgeny Popovych
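
The off-by-one described in the quoted commit message, as an added example that is not part of the original mail or of U-Boot's code: a simplified model of leaf traversal that counts how often a caller is handed a slot index past the last valid item, with the pre-patch check and with the patched one. The `toy_*` types and functions and the two-leaf sample are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified model (assumption); toy_* names are hypothetical, not U-Boot's. */
struct toy_leaf { unsigned nritems; };
struct toy_path { const struct toy_leaf *leaves; unsigned nleaves, leaf, slot; };

/* Move to slot 0 of the next leaf; nonzero means end of tree. */
static int toy_jump_leaf(struct toy_path *p)
{
	if (p->leaf + 1 >= p->nleaves)
		return 1;
	p->leaf++;
	p->slot = 0;
	return 0;
}

/* fixed == 0: pre-patch check; fixed != 0: check from the patch. */
static int toy_next_slot(struct toy_path *p, int fixed)
{
	const struct toy_leaf *leaf = &p->leaves[p->leaf];
	if (p->slot + (fixed ? 1u : 0u) >= leaf->nritems)
		return toy_jump_leaf(p);
	p->slot++;
	return 0;
}

/* Walk the tree; count positions with slot >= nritems, where a caller would
 * read an item that is not part of the leaf. */
static unsigned count_invalid_visits(int fixed, unsigned *visited)
{
	/* Constructed sample: two leaves holding 3 and 2 valid items. */
	static const struct toy_leaf leaves[] = { { 3 }, { 2 } };
	struct toy_path p = { leaves, 2, 0, 0 };
	unsigned invalid = 0;
	*visited = 0;
	do {
		(*visited)++;
		invalid += p.slot >= leaves[p.leaf].nritems;
	} while (toy_next_slot(&p, fixed) == 0);
	return invalid;
}

int main(void)
{
	unsigned n, bad = count_invalid_visits(0, &n);
	printf("pre-patch: %u visits, %u past the end\n", n, bad);
	bad = count_invalid_visits(1, &n);
	printf("patched:   %u visits, %u past the end\n", n, bad);
	return 0;
}
```

In this model the pre-patch check yields one out-of-range slot per leaf, while the patched check visits exactly the five valid items.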