Btrfs: send, fix corrupted path strings for long paths [Linux 3.15]

This Linux kernel change "Btrfs: send, fix corrupted path strings for long paths" is included in the Linux 3.15 release. This change is authored by Filipe Manana <fdmanana [at] gmail.com> on Wed May 21 17:38:13 2014 +0100. The commit for this change in Linux stable tree is 01a9a8a (patch).

Btrfs: send, fix corrupted path strings for long paths

If a path has more than 230 characters, we allocate a new buffer to
use for the path, but we were forgotting to copy the contents of the
previous buffer into the new one, which has random content from the
kmalloc call.

Test:

    mkfs.btrfs -f /dev/sdd
    mount /dev/sdd /mnt

    TEST_PATH="/mnt/fdmanana/.config/google-chrome-mysetup/Default/Pepper_Data/Shockwave_Flash/WritableRoot/#SharedObjects/JSHJ4ZKN/s.wsj.net/[[IMPORT]]/players.edgesuite.net/flash/plugins/osmf/advanced-streaming-plugin/v2.7/osmf1.6/Ak#"
    mkdir -p $TEST_PATH
    echo "hello world" > $TEST_PATH/amaiAdvancedStreamingPlugin.txt

    btrfs subvolume snapshot -r /mnt /mnt/mysnap1
    btrfs send /mnt/mysnap1 -f /tmp/1.snap

A test for xfstests follows.

Signed-off-by: Filipe David Borba Manana <[email protected]>
Cc: Marc Merlin <[email protected]>
Tested-by: Marc MERLIN <[email protected]>
Signed-off-by: Chris Mason <[email protected]>

There are 7 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 fs/btrfs/send.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c
index fd38b50..484aaca 100644
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -360,10 +360,13 @@ static int fs_path_ensure_buf(struct fs_path *p, int len)
    /*
     * First time the inline_buf does not suffice
     */
-   if (p->buf == p->inline_buf)
+   if (p->buf == p->inline_buf) {
        tmp_buf = kmalloc(len, GFP_NOFS);
-   else
+       if (tmp_buf)
+           memcpy(tmp_buf, p->buf, old_buf_len);
+   } else {
        tmp_buf = krealloc(p->buf, len, GFP_NOFS);
+   }
    if (!tmp_buf)
        return -ENOMEM;
    p->buf = tmp_buf;

Leave a Reply

Your email address will not be published. Required fields are marked *