ext4: fix unaligned memory access in ext4_fc_reserve_space()

author Eric Biggers <ebiggers@kernel.org>

Thu, 5 Jan 2023 07:13:58 +0000 (23:13 -0800)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Thu, 12 Jan 2023 10:59:05 +0000 (11:59 +0100)
author Eric Biggers <ebiggers@kernel.org>
Thu, 5 Jan 2023 07:13:58 +0000 (23:13 -0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 12 Jan 2023 10:59:05 +0000 (11:59 +0100)
diff --git a/fs/ext4/fast_commit.c b/fs/ext4/fast_commit.c

index f92eb89..fe65df2 100644 (file)
--- a/fs/ext4/fast_commit.c
+++ b/fs/ext4/fast_commit.c
@@ -604,6 +604,15 @@ static void ext4_fc_submit_bh(struct super_block *sb, bool is_tail)
  
  /* Ext4 commit path routines */
  
+/* memcpy to fc reserved space and update CRC */
+static void *ext4_fc_memcpy(struct super_block *sb, void *dst, const void *src,
+                               int len, u32 *crc)
+{
+       if (crc)
+               *crc = ext4_chksum(EXT4_SB(sb), *crc, src, len);
+       return memcpy(dst, src, len);
+}
+
  /* memzero and update CRC */
  static void *ext4_fc_memzero(struct super_block *sb, void *dst, int len,
                                 u32 *crc)
@@ -629,12 +638,13 @@ static void *ext4_fc_memzero(struct super_block *sb, void *dst, int len,
   */
  static u8 *ext4_fc_reserve_space(struct super_block *sb, int len, u32 *crc)
  {
-       struct ext4_fc_tl *tl;
+       struct ext4_fc_tl tl;
         struct ext4_sb_info *sbi = EXT4_SB(sb);
         struct buffer_head *bh;
         int bsize = sbi->s_journal->j_blocksize;
         int ret, off = sbi->s_fc_bytes % bsize;
         int pad_len;
+       u8 *dst;
  
         /*
          * After allocating len, we should have space at least for a 0 byte
@@ -658,16 +668,18 @@ static u8 *ext4_fc_reserve_space(struct super_block *sb, int len, u32 *crc)
                 return sbi->s_fc_bh->b_data + off;
         }
         /* Need to add PAD tag */
-       tl = (struct ext4_fc_tl *)(sbi->s_fc_bh->b_data + off);
-       tl->fc_tag = cpu_to_le16(EXT4_FC_TAG_PAD);
+       dst = sbi->s_fc_bh->b_data + off;
+       tl.fc_tag = cpu_to_le16(EXT4_FC_TAG_PAD);
         pad_len = bsize - off - 1 - EXT4_FC_TAG_BASE_LEN;
-       tl->fc_len = cpu_to_le16(pad_len);
-       if (crc)
-               *crc = ext4_chksum(sbi, *crc, tl, EXT4_FC_TAG_BASE_LEN);
-       if (pad_len > 0)
-               ext4_fc_memzero(sb, tl + 1, pad_len, crc);
+       tl.fc_len = cpu_to_le16(pad_len);
+       ext4_fc_memcpy(sb, dst, &tl, EXT4_FC_TAG_BASE_LEN, crc);
+       dst += EXT4_FC_TAG_BASE_LEN;
+       if (pad_len > 0) {
+               ext4_fc_memzero(sb, dst, pad_len, crc);
+               dst += pad_len;
+       }
         /* Don't leak uninitialized memory in the unused last byte. */
-       *((u8 *)(tl + 1) + pad_len) = 0;
+       *dst = 0;
  
         ext4_fc_submit_bh(sb, false);
  
@@ -679,15 +691,6 @@ static u8 *ext4_fc_reserve_space(struct super_block *sb, int len, u32 *crc)
         return sbi->s_fc_bh->b_data;
  }
  
-/* memcpy to fc reserved space and update CRC */
-static void *ext4_fc_memcpy(struct super_block *sb, void *dst, const void *src,
-                               int len, u32 *crc)
-{
-       if (crc)
-               *crc = ext4_chksum(EXT4_SB(sb), *crc, src, len);
-       return memcpy(dst, src, len);
-}
-
  /*
   * Complete a fast commit by writing tail tag.
   *
author	Eric Biggers <ebiggers@kernel.org>
	Thu, 5 Jan 2023 07:13:58 +0000 (23:13 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 12 Jan 2023 10:59:05 +0000 (11:59 +0100)