* [PATCH] xfs: don't release NULL pip in xfs_filestream_lookup_ag()
@ 2015-03-03 20:14 Eric Sandeen
2015-03-03 21:30 ` Dave Chinner
2015-03-04 21:08 ` [PATCH V2] xfs: fix NULL pointer dereference " Eric Sandeen
0 siblings, 2 replies; 3+ messages in thread
From: Eric Sandeen @ 2015-03-03 20:14 UTC (permalink / raw)
To: xfs-oss; +Cc: Adrien Nader
If xfs_filestream_get_parent() fails, we have a null pip,
goto out, and attempt to IRELE(NULL). This causes a null
pointer dereference and BUG().
Fix this by testing for pip before trying to release it.
Reported-by: Adrien Nader <adrien@notk.org>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---
diff --git a/fs/xfs/xfs_filestream.c b/fs/xfs/xfs_filestream.c
index a2e86e8..fb09a63 100644
--- a/fs/xfs/xfs_filestream.c
+++ b/fs/xfs/xfs_filestream.c
@@ -348,7 +348,8 @@ xfs_filestream_lookup_ag(
if (xfs_filestream_pick_ag(pip, startag, &ag, 0, 0))
ag = NULLAGNUMBER;
out:
- IRELE(pip);
+ if (pip)
+ IRELE(pip);
return ag;
}
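Review bot: the `if (pip)` guard at `out:` makes the shared cleanup label conditional on behalf of one error path. The commit message describes a single way to arrive there with a NULL pip, the xfs_filestream_get_parent() failure, so that path could return directly and leave `IRELE(pip);` unconditional for every other user of the label. If the guard stays, a one-line comment at `out:` naming the path that reaches it with pip == NULL would keep a later cleanup from removing the check.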
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
* Re: [PATCH] xfs: don't release NULL pip in xfs_filestream_lookup_ag()
From: Dave Chinner @ 2015-03-03 21:30 UTC (permalink / raw)
To: Eric Sandeen; +Cc: Adrien Nader, xfs-oss
On Tue, Mar 03, 2015 at 02:14:57PM -0600, Eric Sandeen wrote:
> If xfs_filestream_get_parent() fails, we have a null pip,
> goto out, and attempt to IRELE(NULL). This causes a null
> pointer dereference and BUG().
>
> Fix this by testing for pip before trying to release it.
>
> Reported-by: Adrien Nader <adrien@notk.org>
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
> ---
>
> diff --git a/fs/xfs/xfs_filestream.c b/fs/xfs/xfs_filestream.c
> index a2e86e8..fb09a63 100644
> --- a/fs/xfs/xfs_filestream.c
> +++ b/fs/xfs/xfs_filestream.c
> @@ -348,7 +348,8 @@ xfs_filestream_lookup_ag(
> if (xfs_filestream_pick_ag(pip, startag, &ag, 0, 0))
> ag = NULLAGNUMBER;
> out:
> - IRELE(pip);
> + if (pip)
> + IRELE(pip);
> return ag;
> }
>
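Review bot: `return ag;` after `out:` means the NULL-pip path hands back whatever `ag` holds at the moment of the `goto out`, and its initialisation is not visible in this hunk. Confirm it is already NULLAGNUMBER before that jump, or assign it explicitly on the failure path, so the caller cannot receive a stale allocation group number once the BUG() is no longer hit.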
I'd just convert the error case when get_parent fails to:
	if (!pip)
		return NULLAGNUMBER;
rather than using the goto and adding conditional cleanup for this
case.
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
* [PATCH V2] xfs: fix NULL pointer dereference in xfs_filestream_lookup_ag()
From: Eric Sandeen @ 2015-03-04 21:08 UTC (permalink / raw)
To: Eric Sandeen, xfs-oss; +Cc: Adrien Nader
If xfs_filestream_get_parent() fails, we have a null pip,
goto out, and attempt to IRELE(NULL). This causes a null
pointer dereference and BUG().
Fix this by directly returning NULLAGNUMBER in this case.
Reported-by: Adrien Nader <adrien@notk.org>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---
V2: skip the goto, because Dave doesn't like it. ;)
diff --git a/fs/xfs/xfs_filestream.c b/fs/xfs/xfs_filestream.c
index a2e86e8..8f9f854 100644
--- a/fs/xfs/xfs_filestream.c
+++ b/fs/xfs/xfs_filestream.c
@@ -322,7 +322,7 @@ xfs_filestream_lookup_ag(
pip = xfs_filestream_get_parent(ip);
if (!pip)
- goto out;
+ return NULLAGNUMBER;
mru = xfs_mru_cache_lookup(mp->m_filestream, pip->i_ino);
if (mru) {
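Review bot: the `return NULLAGNUMBER;` under `if (!pip)` now bypasses `out:`, so check whether any other `goto out` remains in the function. If this was the last one, the label is unused and should be dropped in the same patch to avoid an unused-label warning. If others remain, it is worth one sentence in the changelog that they all reach `IRELE(pip)` with a valid pip. The `pip->i_ino` dereference on the following context line is safe with this ordering.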