5a1922adc5
[ Upstream commit 3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31 ] btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the struct had a fixed-length array of size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized iterators, which causes UBSAN to complain. This patch uses the same approach as in bcachefs's sort_iter and splits the iterator into a btree_iter with a flexible array member and a btree_iter_stack which embeds a btree_iter as well as a fixed-length data array. Cc: stable@vger.kernel.org Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039368 Signed-off-by: Matthew Mirvish <matthew@mm12.xyz> Signed-off-by: Coly Li <colyli@suse.de> Link: https://lore.kernel.org/r/20240509011117.2697-3-colyli@suse.de Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| alloc.c | ||
| bcache.h | ||
| bset.c | ||
| bset.h | ||
| btree.c | ||
| btree.h | ||
| closure.c | ||
| closure.h | ||
| debug.c | ||
| debug.h | ||
| extents.c | ||
| extents.h | ||
| features.c | ||
| features.h | ||
| io.c | ||
| journal.c | ||
| journal.h | ||
| movinggc.c | ||
| request.c | ||
| request.h | ||
| stats.c | ||
| stats.h | ||
| super.c | ||
| sysfs.c | ||
| sysfs.h | ||
| trace.c | ||
| util.c | ||
| util.h | ||
| writeback.c | ||
| writeback.h | ||