On Tue, Oct 22, 2024 at 10:26:18AM +0800, Hongbo Li wrote: > > > On 2024/10/21 23:43, Jeongjun Park wrote: > > The size of a.data_type is set abnormally large, causing > > shift-out-of-bounds. > > To fix this, we need to add validation on a.data_type in > > alloc_lru_idx_fragmentation(). > > > > Reported-by: [email protected] > > Fixes: 260af1562ec1 ("bcachefs: Kill alloc_v4.fragmentation_lru") > > Signed-off-by: Jeongjun Park <[email protected]> > > --- > > fs/bcachefs/alloc_background.h | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/fs/bcachefs/alloc_background.h b/fs/bcachefs/alloc_background.h > > index f8e87c6721b1..163a67b97a40 100644 > > --- a/fs/bcachefs/alloc_background.h > > +++ b/fs/bcachefs/alloc_background.h > > @@ -168,6 +168,9 @@ static inline bool data_type_movable(enum bch_data_type > > type) > > static inline u64 alloc_lru_idx_fragmentation(struct bch_alloc_v4 a, > > struct bch_dev *ca) > > { > > + if (a.data_type >= BCH_DATA_NR) > > + return 0; > > + > > oh, I found I have done the same thing in [1]("Re: [syzbot] [bcachefs?] > UBSAN: shift-out-of-bounds in bch2_alloc_to_text"). But in my humble > opinion, the validation changes also should be added. And in addition, move > the condition about a.data_type into data_type_movable will be better. Just > my personal opinion.:)
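Review bot: the new `if (a.data_type >= BCH_DATA_NR) return 0;` at the top of alloc_lru_idx_fragmentation() has no comment saying why 0 is the correct index for an out-of-range type, and neither the hunk nor the commit message identifies which shift overflows. The shift itself is not in the visible context, so it is not possible to tell from this hunk whether other callers of the same helper remain exposed. Please add a one-line comment on the early return, name the overflowing expression in the commit message, and consider placing the bound next to the shift (the reply above suggests data_type_movable(), which appears in the hunk context) so that every caller is covered rather than only this one.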
Unknown data types (and key types, btree IDs, etc.) are allowed for forwards compatibility - they should just be ignored.
