From: David Sterba <dsterba@suse.cz>
To: Chris Mason <clm@fb.com>
Cc: Nikolay Borisov <kernel@kyup.com>, linux-btrfs@vger.kernel.org
Subject: Re: [PATCH] btrfs: Fix handling of -ENOENT from btrfs_uuid_iter_rem
Date: Mon, 19 Sep 2016 22:18:04 +0200 [thread overview]
Message-ID: <20160919201804.GT16983@suse.cz> (raw)
In-Reply-To: <2c9c27c6-5e2d-5035-de11-0cf021dfd9a1@fb.com>
On Mon, Sep 19, 2016 at 02:49:41PM -0400, Chris Mason wrote:
> On 09/19/2016 02:13 PM, David Sterba wrote:
> > On Wed, Sep 07, 2016 at 10:38:58AM +0300, Nikolay Borisov wrote:
> >> btrfs_uuid_iter_rem is able to return -ENOENT, however this condition
> >> is not handled in btrfs_uuid_tree_iterate which can lead to calling
> >> btrfs_next_item with freed path argument, leading to a null pointer
> >> dereference. Fix it by redoing the search but with an incremented
> >> objectid so we don't loop over the same key.
> >>
> >> Signed-off-by: Nikolay Borisov <kernel@kyup.com>
> >> Suggested-by: Chris Mason <clm@fb.com>
> >> Link: https://lkml.kernel.org/r/57A473B0.2040203@kyup.com
> >
> > I'll queue the patch for 4.9, thanks.
> >
>
> Not having a good test for this kept me from trying the patch cold. I
> think bumping the objectid will end up missing items.
Ok, so I can keep it in the branches that are not for the upcoming
merges but still in for-next.
next prev parent reply other threads:[~2016-09-19 20:20 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-05 11:08 Crash in btrfs_uuid_tree_iterate during mount Nikolay Borisov
2016-08-05 15:12 ` Chris Mason
2016-08-05 19:14 ` Nikolay Borisov
2016-08-08 10:49 ` Nikolay Borisov
2016-08-08 14:16 ` Chris Mason
2016-08-08 14:21 ` Nikolay Borisov
2016-08-08 14:24 ` Chris Mason
2016-08-29 7:25 ` Nikolay Borisov
2016-09-07 7:38 ` [PATCH] btrfs: Fix handling of -ENOENT from btrfs_uuid_iter_rem Nikolay Borisov
2016-09-19 18:13 ` David Sterba
2016-09-19 18:49 ` Chris Mason
2016-09-19 20:18 ` David Sterba [this message]
[not found] ` <CAJFSNy5eOdkn=YSA1-T7goOUNuX6ozUiGAM3tCTq7dvzsiJCug@mail.gmail.com>
2016-09-20 7:36 ` Nikolay Borisov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160919201804.GT16983@suse.cz \
--to=dsterba@suse.cz \
--cc=clm@fb.com \
--cc=kernel@kyup.com \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).