Commit 1155b12e authored by Chandan Babu R's avatar Chandan Babu R
Browse files

Merge tag 'fix-scrub-6.6_2023-09-12' of... 

Merge tag 'fix-scrub-6.6_2023-09-12' of https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux

 into xfs-6.6-fixesA

xfs: fix out of bounds memory access in scrub

This is a quick fix for a few internal syzbot reports concerning an
invalid memory access in the scrub code.

Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
Signed-off-by: default avatarChandan Babu R <chandanbabu@kernel.org>

* tag 'fix-scrub-6.6_2023-09-12' of https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux:
  xfs: only call xchk_stats_merge after validating scrub inputs
parents 6ebb6500 e0319282

fs/xfs/scrub/scrub.c

+2 −2
Original line number Diff line number Diff line
@@ -588,6 +588,8 @@ xfs_scrub_metadata( 
out_teardown:

	error = xchk_teardown(sc, error);

out_sc:

	if (error != -ENOENT)

		xchk_stats_merge(mp, sm, &run);

	kfree(sc);

out:

	trace_xchk_done(XFS_I(file_inode(file)), sm, error);
@@ -595,8 +597,6 @@ xfs_scrub_metadata( 
		sm->sm_flags |= XFS_SCRUB_OFLAG_CORRUPT;

		error = 0;

	}

	if (error != -ENOENT)

		xchk_stats_merge(mp, sm, &run);

	return error;

need_drain:

	error = xchk_teardown(sc, 0);

fs/xfs/scrub/stats.c

+4 −1
Original line number Diff line number Diff line
@@ -185,7 +185,10 @@ xchk_stats_merge_one( 
{

	struct xchk_scrub_stats		*css;



	if (sm->sm_type >= XFS_SCRUB_TYPE_NR) {

		ASSERT(sm->sm_type < XFS_SCRUB_TYPE_NR);

		return;

	}



	css = &cs->cs_stats[sm->sm_type];

	spin_lock(&css->css_lock);