From patchwork Sun Aug 12 10:30:05 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ben Peddell
X-Patchwork-Id: 1309481
Message-ID: <502785AD.9080904@killerwolves.net>
Date: Sun, 12 Aug 2012 20:30:05 +1000
From: Ben Peddell
To: linux-btrfs@vger.kernel.org
Subject: [PATCH] Fix unaligned pointer accesses of btrfs_key->offset
X-Mailing-List: linux-btrfs@vger.kernel.org

The offset field in the btrfs_key structure is unaligned. Unlike x86, unaligned accesses on ARM will result in Unaligned Access traps, which are usually ignored, and the lower bits of the pointer address being accessed are zeroed.

This means that in this case the lower 8 bits of the value that should go into key->offset actually go into key->type, the value that is put into key->offset is shifted right 8 bits, and the top 8 bits remain from the previous value in key->offset.

This currently occurs in mkfs.btrfs, causing it to abort, and could potentially occur in the filesystem driver, causing internal corruption.

This patch works around the two unaligned accesses of key->offset through a pointer by giving find_next_chunk an aligned pointer.

--- volumes.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/volumes.c b/volumes.c index 8dca5e1..47a6d5f 100644 --- a/volumes.c +++ b/volumes.c @@ -644,6 +644,7 @@ int btrfs_alloc_chunk(struct btrfs_trans_handle *trans, u64 avail; u64 max_avail = 0; u64 percent_max; + u64 offset; int num_stripes = 1; int min_stripes = 1; int sub_stripes = 0; @@ -760,7 +761,8 @@ again: key.objectid = BTRFS_FIRST_CHUNK_TREE_OBJECTID; key.type = BTRFS_CHUNK_ITEM_KEY; ret = find_next_chunk(chunk_root, BTRFS_FIRST_CHUNK_TREE_OBJECTID, - &key.offset); + &offset); + key.offset = offset; if (ret) return ret; @@ -864,6 +866,7 @@ int btrfs_alloc_data_chunk(struct btrfs_trans_handle *trans, struct list_head *cur; struct map_lookup *map; u64 calc_size = 8 * 1024 * 1024; + u64 offset; int num_stripes = 1; int sub_stripes = 0; int ret; 
@@ -874,7 +877,8 @@ int btrfs_alloc_data_chunk(struct btrfs_trans_handle *trans, key.objectid = BTRFS_FIRST_CHUNK_TREE_OBJECTID; key.type = BTRFS_CHUNK_ITEM_KEY; ret = find_next_chunk(chunk_root, BTRFS_FIRST_CHUNK_TREE_OBJECTID, - &key.offset); + &offset); + key.offset = offset; if (ret) return ret;
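
Review bot: in the btrfs_alloc_chunk hunk at "again:", "key.offset = offset;" runs before "if (ret) return ret;", and the new local "u64 offset;" is declared without an initializer, so when find_next_chunk() fails the copy may read a value that was never written (the visible lines do not show whether the callee stores on error). Moving the assignment below the ret check, or initializing offset to 0 at its declaration, avoids that.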
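
Review bot: the btrfs_alloc_data_chunk hunk repeats the temporary-and-copy pattern with no comment saying why "&key.offset" cannot be passed directly. A one-line comment at the call, noting that key.offset is unaligned and must not be written through a u64 pointer, would keep a later cleanup from folding the local back in. The ordering point applies here too: "key.offset = offset;" sits ahead of the ret check.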
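
The corruption the commit message describes, as an added C example that is not part of the patch or of btrfs-progs: it is a portable byte-level model, not a measurement on ARM hardware. It assumes a packed key layout of u64 objectid, u8 type, u64 offset and little-endian byte order; all names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed packed key layout: u64 objectid @0, u8 type @8, u64 offset @9. */
enum { TYPE_AT = 8, OFFSET_AT = 9, KEY_SIZE = 17 };
struct outcome { uint8_t type; uint64_t offset; };

/* Little-endian byte-wise store and load: safe at any alignment. */
static void put_u64(uint8_t *p, uint64_t v)
{
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}

static uint64_t get_u64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Model of the ignored trap: the low address bits are dropped, so the
 * 8-byte store lands on the aligned boundary below the field. */
static void truncated_put_u64(uint8_t *base, size_t at, uint64_t v)
{
    put_u64(base + (at & ~(size_t)7), v);
}

/* Store new_offset into a key whose previous offset was prev_offset. */
static struct outcome store_offset(int through_pointer, uint8_t type,
                                   uint64_t prev_offset, uint64_t new_offset)
{
    uint8_t key[KEY_SIZE] = {0};
    key[TYPE_AT] = type;
    put_u64(key + OFFSET_AT, prev_offset);
    if (through_pointer)
        truncated_put_u64(key, OFFSET_AT, new_offset); /* like &key.offset */
    else
        put_u64(key + OFFSET_AT, new_offset);          /* like key.offset = offset */
    return (struct outcome){ key[TYPE_AT], get_u64(key + OFFSET_AT) };
}

int main(void)
{
    /* Constructed sample values: type, previous offset, new offset. */
    struct outcome bad = store_offset(1, 228, 0xAA00000000000000ULL, 0x1122334455667788ULL);
    struct outcome ok  = store_offset(0, 228, 0xAA00000000000000ULL, 0x1122334455667788ULL);
    printf("via pointer: type=%#x offset=%#llx\n", bad.type, (unsigned long long)bad.offset);
    printf("via local:   type=%#x offset=%#llx\n", ok.type, (unsigned long long)ok.offset);
}
```

In the pointer case the type byte takes the low 8 bits of the new value, the offset holds the value shifted right by 8, and its top byte is left over from the previous offset.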