From: Kent Overstreet <kent.overstreet@linux.dev>
Date: Mon, 23 Sep 2024 21:30:59 +0000 (-0400)
Subject: bcachefs: Add extra padding in bkey_make_mut_noupdate()
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=4a8f8fafbd6ba6f3433c986b00195e0a8dee96bf;p=users%2Fhch%2Fblock.git

bcachefs: Add extra padding in bkey_make_mut_noupdate()

This fixes a kasan splat in propagate_key_to_snapshot_leaves() -
varint_decode_fast() does reads (that it never uses) up to 7 bytes past
the end of the integer.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
---

diff --git a/fs/bcachefs/btree_update.h b/fs/bcachefs/btree_update.h
index 60393e98084d..6a454f2fa005 100644
--- a/fs/bcachefs/btree_update.h
+++ b/fs/bcachefs/btree_update.h
@@ -220,7 +220,8 @@ static inline struct bkey_i *__bch2_bkey_make_mut_noupdate(struct btree_trans *t
 	if (type && k.k->type != type)
 		return ERR_PTR(-ENOENT);
 
-	mut = bch2_trans_kmalloc_nomemzero(trans, bytes);
+	/* extra padding for varint_decode_fast... */
+	mut = bch2_trans_kmalloc_nomemzero(trans, bytes + 8);
 	if (!IS_ERR(mut)) {
 		bkey_reassemble(mut, k);