From: Christoph Hellwig <hch@lst.de>
To: stable@vger.kernel.org
Cc: linux-xfs@vger.kernel.org, "Darrick J. Wong" <darrick.wong@oracle.com>
Subject: [PATCH 13/47] xfs: check _alloc_read_agf buffer pointer before using
Date: Sun, 17 Sep 2017 14:06:38 -0700 [thread overview]
Message-ID: <20170917210712.10804-14-hch@lst.de> (raw)
In-Reply-To: <20170917210712.10804-1-hch@lst.de>
From: "Darrick J. Wong" <darrick.wong@oracle.com>
commit 10479e2dea83d4c421ad05dfc55d918aa8dfc0cd upstream.
In some circumstances, _alloc_read_agf can return an error code of zero
but also a null AGF buffer pointer. Check for this and jump out.
Fixes-coverity-id: 1415250
Fixes-coverity-id: 1415320
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
---
fs/xfs/libxfs/xfs_refcount.c | 4 ++++
fs/xfs/xfs_reflink.c | 2 ++
2 files changed, 6 insertions(+)
diff --git a/fs/xfs/libxfs/xfs_refcount.c b/fs/xfs/libxfs/xfs_refcount.c
index e17016163542..d71cb63cdea3 100644
--- a/fs/xfs/libxfs/xfs_refcount.c
+++ b/fs/xfs/libxfs/xfs_refcount.c
@@ -1640,6 +1640,10 @@ xfs_refcount_recover_cow_leftovers(
error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
if (error)
goto out_trans;
+ if (!agbp) {
+ error = -ENOMEM;
+ goto out_trans;
+ }
cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
/* Find all the leftover CoW staging extents. */
diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c
index 350fc64441b1..0015c19c7455 100644
--- a/fs/xfs/xfs_reflink.c
+++ b/fs/xfs/xfs_reflink.c
@@ -169,6 +169,8 @@ xfs_reflink_find_shared(
error = xfs_alloc_read_agf(mp, NULL, agno, 0, &agbp);
if (error)
return error;
+ if (!agbp)
+ return -ENOMEM;
cur = xfs_refcountbt_init_cursor(mp, NULL, agbp, agno, NULL);
--
2.14.1
next prev parent reply other threads:[~2017-09-17 21:07 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-17 21:06 4.9-stable updates for XFS Christoph Hellwig
2017-09-17 21:06 ` [PATCH 01/47] xfs: Move handling of missing page into one place in xfs_find_get_desired_pgoff() Christoph Hellwig
2017-09-17 21:06 ` [PATCH 02/47] xfs: fix spurious spin_is_locked() assert failures on non-smp kernels Christoph Hellwig
2017-09-17 21:06 ` [PATCH 03/47] xfs: push buffer of flush locked dquot to avoid quotacheck deadlock Christoph Hellwig
2017-09-17 21:06 ` [PATCH 04/47] xfs: try to avoid blowing out the transaction reservation when bunmaping a shared extent Christoph Hellwig
2017-09-17 21:06 ` [PATCH 05/47] xfs: release bli from transaction properly on fs shutdown Christoph Hellwig
2017-09-17 21:06 ` [PATCH 06/47] xfs: remove bli from AIL before release on transaction abort Christoph Hellwig
2017-09-17 21:06 ` [PATCH 07/47] xfs: don't allow bmap on rt files Christoph Hellwig
2017-09-17 21:06 ` [PATCH 08/47] xfs: free uncommitted transactions during log recovery Christoph Hellwig
2017-09-17 21:06 ` [PATCH 09/47] xfs: free cowblocks and retry on buffered write ENOSPC Christoph Hellwig
2017-09-17 21:06 ` [PATCH 10/47] xfs: don't crash on unexpected holes in dir/attr btrees Christoph Hellwig
2017-09-17 21:06 ` [PATCH 11/47] xfs: check _btree_check_block value Christoph Hellwig
2017-09-17 21:06 ` [PATCH 12/47] xfs: set firstfsb to NULLFSBLOCK before feeding it to _bmapi_write Christoph Hellwig
2017-09-17 21:06 ` Christoph Hellwig [this message]
2017-09-17 21:06 ` [PATCH 14/47] xfs: fix quotacheck dquot id overflow infinite loop Christoph Hellwig
2017-09-17 21:06 ` [PATCH 15/47] xfs: fix multi-AG deadlock in xfs_bunmapi Christoph Hellwig
2017-09-17 21:06 ` [PATCH 16/47] xfs: Fix per-inode DAX flag inheritance Christoph Hellwig
2017-09-17 21:06 ` [PATCH 17/47] xfs: fix inobt inode allocation search optimization Christoph Hellwig
2017-09-17 21:06 ` [PATCH 18/47] xfs: clear MS_ACTIVE after finishing log recovery Christoph Hellwig
2017-09-17 21:06 ` [PATCH 19/47] xfs: don't leak quotacheck dquots when cow recovery Christoph Hellwig
2017-09-17 21:06 ` [PATCH 20/47] iomap: fix integer truncation issues in the zeroing and dirtying helpers Christoph Hellwig
2017-09-17 21:06 ` [PATCH 21/47] xfs: write unmount record for ro mounts Christoph Hellwig
2017-09-17 21:06 ` [PATCH 22/47] xfs: toggle readonly state around xfs_log_mount_finish Christoph Hellwig
2017-09-17 21:06 ` [PATCH 23/47] xfs: remove xfs_trans_ail_delete_bulk Christoph Hellwig
2017-09-17 21:06 ` [PATCH 24/47] xfs: Add infrastructure needed for error propagation during buffer IO failure Christoph Hellwig
2017-09-17 21:06 ` [PATCH 25/47] xfs: Properly retry failed inode items in case of error during buffer writeback Christoph Hellwig
2017-09-17 21:06 ` [PATCH 26/47] xfs: fix recovery failure when log record header wraps log end Christoph Hellwig
2017-09-17 21:06 ` [PATCH 27/47] xfs: always verify the log tail during recovery Christoph Hellwig
2017-09-17 21:06 ` [PATCH 28/47] xfs: fix log recovery corruption error due to tail overwrite Christoph Hellwig
2017-09-17 21:06 ` [PATCH 29/47] xfs: handle -EFSCORRUPTED during head/tail verification Christoph Hellwig
2017-09-17 21:06 ` [PATCH 30/47] xfs: add log recovery tracepoint for head/tail Christoph Hellwig
2017-09-17 21:06 ` [PATCH 31/47] xfs: stop searching for free slots in an inode chunk when there are none Christoph Hellwig
2017-09-17 21:06 ` [PATCH 32/47] xfs: evict all inodes involved with log redo item Christoph Hellwig
2017-09-17 21:06 ` [PATCH 33/47] xfs: check for race with xfs_reclaim_inode() in xfs_ifree_cluster() Christoph Hellwig
2017-09-17 21:06 ` [PATCH 34/47] xfs: open-code xfs_buf_item_dirty() Christoph Hellwig
2017-09-17 21:07 ` [PATCH 35/47] xfs: remove unnecessary dirty bli format check for ordered bufs Christoph Hellwig
2017-09-17 21:07 ` [PATCH 36/47] xfs: ordered buffer log items are never formatted Christoph Hellwig
2017-09-17 21:07 ` [PATCH 37/47] xfs: refactor buffer logging into buffer dirtying helper Christoph Hellwig
2017-09-17 21:07 ` [PATCH 38/47] xfs: don't log dirty ranges for ordered buffers Christoph Hellwig
2017-09-17 21:07 ` [PATCH 39/47] xfs: skip bmbt block ino validation during owner change Christoph Hellwig
2017-09-17 21:07 ` [PATCH 40/47] xfs: move bmbt owner change to last step of extent swap Christoph Hellwig
2017-09-17 21:07 ` [PATCH 41/47] xfs: disallow marking previously dirty buffers as ordered Christoph Hellwig
2017-09-17 21:07 ` [PATCH 42/47] xfs: relog dirty buffers during swapext bmbt owner change Christoph Hellwig
2017-09-17 21:07 ` [PATCH 43/47] xfs: disable per-inode DAX flag Christoph Hellwig
2017-09-17 21:07 ` [PATCH 44/47] xfs: fix incorrect log_flushed on fsync Christoph Hellwig
2017-09-17 21:07 ` [PATCH 45/47] xfs: don't set v3 xflags for v2 inodes Christoph Hellwig
2017-09-17 21:07 ` [PATCH 46/47] xfs: open code end_buffer_async_write in xfs_finish_page_writeback Christoph Hellwig
2017-09-17 21:07 ` [PATCH 47/47] xfs: use kmem_free to free return value of kmem_zalloc Christoph Hellwig
2017-09-18 8:22 ` 4.9-stable updates for XFS Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170917210712.10804-14-hch@lst.de \
--to=hch@lst.de \
--cc=darrick.wong@oracle.com \
--cc=linux-xfs@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).