bcachefs: Fix a slab-out-of-bounds

In __bch2_alloc_to_v4_mut(), we overrun the buffer we allocate if the
alloc key had backpointers stored in it (which we no longer support).

Fix this with a max() call.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>

diff --git a/fs/bcachefs/alloc_background.c b/fs/bcachefs/alloc_background.c
index 06032556d5c483a8220eed14b787805c390474b2..4032d1940884cd87224ca28029a7b0a782f63134 100644 (file)
--- a/fs/bcachefs/alloc_background.c
+++ b/fs/bcachefs/alloc_background.c
@@ -479,7 +479,7 @@ __bch2_alloc_to_v4_mut(struct btree_trans *trans, struct bkey_s_c k)
 {
        struct bkey_i_alloc_v4 *ret;
 
-       ret = bch2_trans_kmalloc(trans, sizeof(struct bkey_i_alloc_v4));
+       ret = bch2_trans_kmalloc(trans, max(bkey_bytes(k.k), sizeof(struct bkey_i_alloc_v4)));
        if (IS_ERR(ret))
                return ret;