[U-Boot] [PATCH] fs: btrfs: Fix tree traversal with btrfs_next_slot()
Marek BehĂșn
marek.behun at nic.cz
Tue Oct 2 11:22:28 UTC 2018
Tested-by: Marek BehĂșn <marek.behun at nic.cz>
Hello Tom, could you please apply the patch by Yevgeny?
Marek
On Fri, 7 Sep 2018 12:59:30 +0300
Yevgeny Popovych <yevgenyp at pointgrab.com> wrote:
> When traversing slots in a btree (via btrfs_path) with
> btrfs_next_slot(), we didn't correctly identify that the last slot in
> the leaf was reached and we should jump to the next leaf.
>
> This could lead to any kind of runtime errors or corruptions, like:
> * file data not being read at all, or is read partially
> * file is read but is corrupted
> * (any) metadata being corrupted or not read at all, etc
>
> The easiest way to reproduce this is to read a large enough file that
> its EXTENT_DATA items don't fit into a single leaf.
>
> Signed-off-by: Yevgeny Popovych <yevgenyp at pointgrab.com>
> Cc: Marek Behun <marek.behun at nic.cz>
> ---
> fs/btrfs/ctree.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
> index 4da36a9..b44a47e 100644
> --- a/fs/btrfs/ctree.c
> +++ b/fs/btrfs/ctree.c
> @@ -270,7 +270,7 @@ int btrfs_next_slot(struct btrfs_path *p)
> {
> struct btrfs_leaf *leaf = &p->nodes[0]->leaf;
>
> - if (p->slots[0] >= leaf->header.nritems)
> + if (p->slots[0] + 1 >= leaf->header.nritems)
> return jump_leaf(p, 1);
>
> p->slots[0]++;
More information about the U-Boot
mailing list