btrfs: send: handle path ref underflow in header iterate_inode_ref()
authorDavid Sterba <dsterba@suse.com>
Tue, 6 Feb 2024 21:47:13 +0000 (22:47 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 13 Apr 2024 11:01:44 +0000 (13:01 +0200)
[ Upstream commit 3c6ee34c6f9cd12802326da26631232a61743501 ]

Change BUG_ON to proper error handling if building the path buffer
fails. The pointers are not printed so we don't accidentally leak kernel
addresses.

Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/btrfs/send.c

index 9900f879fa34657028636cf97753402b0f28366e..f1ef176a6424259cc0a40f2b4706d58205a7dd15 100644 (file)
@@ -976,7 +976,15 @@ static int iterate_inode_ref(struct btrfs_root *root, struct btrfs_path *path,
                                        ret = PTR_ERR(start);
                                        goto out;
                                }
-                               BUG_ON(start < p->buf);
+                               if (unlikely(start < p->buf)) {
+                                       btrfs_err(root->fs_info,
+                       "send: path ref buffer underflow for key (%llu %u %llu)",
+                                                 found_key->objectid,
+                                                 found_key->type,
+                                                 found_key->offset);
+                                       ret = -EINVAL;
+                                       goto out;
+                               }
                        }
                        p->start = start;
                } else {
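Review bot: The new `btrfs_err()` call in the `start < p->buf` branch logs only the key, so the message does not say how far `start` fell below `p->buf` or how large the buffer was. Both values are sizes rather than addresses, so logging them stays within the commit's aim of not printing kernel pointers. For example, extend the format to `"send: path ref buffer underflow for key (%llu %u %llu), short by %td of %u"` and pass `p->buf - start` and `p->buf_len`, adjusting the specifiers to the fields' declared types, which are not visible in this hunk. A short comment above the check, such as `/* Resolved path starts before the buffer: fail the send instead of crashing. */`, would record why the former `BUG_ON` became an error return. The body of `iterate_inode_ref()` begins and ends outside the hunk, so the code that leads to this check could not be reviewed here.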