public inbox for linux-kernel@vger.kernel.org
* [PATCH] xfs: fix null pointer dereference when mapping is NULL
@ 2015-09-03  9:57 Colin King
  2015-09-03 10:45 ` Brian Foster
  0 siblings, 1 reply; 3+ messages in thread
From: Colin King @ 2015-09-03  9:57 UTC (permalink / raw)
  To: Dave Chinner, xfs; +Cc: linux-kernel

From: Colin Ian King <colin.king@canonical.com>

xfs_vm_set_page_dirty checks to see if mapping is NULL however
before this unlikely check it already dereferenced mapping when
initializing inode. Move the inode initialization after the mapping
null check to avoid a potential null pointer dereference.

Fixes: 22e757a49cf0 ("xfs: don't dirty buffers beyond EOF")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 fs/xfs/xfs_aops.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
index c77499b..d15ae85 100644
--- a/fs/xfs/xfs_aops.c
+++ b/fs/xfs/xfs_aops.c
@@ -1935,7 +1935,7 @@ xfs_vm_set_page_dirty(
 	struct page		*page)
 {
 	struct address_space	*mapping = page->mapping;
-	struct inode		*inode = mapping->host;
+	struct inode		*inode;
 	loff_t			end_offset;
 	loff_t			offset;
 	int			newly_dirty;
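Review bot: in the first hunk, inode is now declared without an initializer and is only assigned after the !mapping early return, so the commit message should say how a page with a NULL page->mapping reaches xfs_vm_set_page_dirty (the existing unlikely() check implies it can). The removed initializer read mapping->host before that check, so such a page would fault instead of taking the early return; naming the triggering case would let backporters judge severity against the Fixes: commit.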
@@ -1944,6 +1944,7 @@ xfs_vm_set_page_dirty(
 	if (unlikely(!mapping))
 		return !TestSetPageDirty(page);
 
+	inode = mapping->host;
 	end_offset = i_size_read(inode);
 	offset = page_offset(page);
 
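Review bot: the added inode = mapping->host; in the second hunk feeds only i_size_read(inode) in the lines shown; if inode has no later use in the function, drop the local and call i_size_read(mapping->host) directly, so no declaration remains that could be given a dereferencing initializer again. If it is used further down, keeping the assignment immediately after the NULL check, as done here, is the right placement.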
-- 
2.5.0



* Re: [PATCH] xfs: fix null pointer dereference when mapping is NULL
  2015-09-03  9:57 [PATCH] xfs: fix null pointer dereference when mapping is NULL Colin King
@ 2015-09-03 10:45 ` Brian Foster
  2015-09-03 13:45   ` Eric Sandeen
  0 siblings, 1 reply; 3+ messages in thread
From: Brian Foster @ 2015-09-03 10:45 UTC (permalink / raw)
  To: Colin King; +Cc: Dave Chinner, xfs, linux-kernel

On Thu, Sep 03, 2015 at 10:57:40AM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> xfs_vm_set_page_dirty checks to see if mapping is NULL however
> before this unlikely check it already dereferenced mapping when
> initializing inode. Move the inode initialization after the mapping
> null check to avoid a potential null pointer dereference.
> 
> Fixes: 22e757a49cf0 ("xfs: don't dirty buffers beyond EOF")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---

Reviewed-by: Brian Foster <bfoster@redhat.com>

>  fs/xfs/xfs_aops.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
> index c77499b..d15ae85 100644
> --- a/fs/xfs/xfs_aops.c
> +++ b/fs/xfs/xfs_aops.c
> @@ -1935,7 +1935,7 @@ xfs_vm_set_page_dirty(
>  	struct page		*page)
>  {
>  	struct address_space	*mapping = page->mapping;
> -	struct inode		*inode = mapping->host;
> +	struct inode		*inode;
>  	loff_t			end_offset;
>  	loff_t			offset;
>  	int			newly_dirty;
> @@ -1944,6 +1944,7 @@ xfs_vm_set_page_dirty(
>  	if (unlikely(!mapping))
>  		return !TestSetPageDirty(page);
>  
> +	inode = mapping->host;
>  	end_offset = i_size_read(inode);
>  	offset = page_offset(page);
>  
> -- 
> 2.5.0
> 


* Re: [PATCH] xfs: fix null pointer dereference when mapping is NULL
  2015-09-03 10:45 ` Brian Foster
@ 2015-09-03 13:45   ` Eric Sandeen
  0 siblings, 0 replies; 3+ messages in thread
From: Eric Sandeen @ 2015-09-03 13:45 UTC (permalink / raw)
  To: Brian Foster, Colin King; +Cc: linux-kernel, xfs

On 9/3/15 5:45 AM, Brian Foster wrote:
> On Thu, Sep 03, 2015 at 10:57:40AM +0100, Colin King wrote:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> xfs_vm_set_page_dirty checks to see if mapping is NULL however
>> before this unlikely check it already dereferenced mapping when
>> initializing inode. Move the inode initialization after the mapping
>> null check to avoid a potential null pointer dereference.
>>
>> Fixes: 22e757a49cf0 ("xfs: don't dirty buffers beyond EOF")
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>> ---
> 
> Reviewed-by: Brian Foster <bfoster@redhat.com>

Reviewed-by: Eric Sandeen <sandeen@redhat.com>

Should probably cc: stable on this one too, the commit it
fixes went in at 3.17, and it also cc'd stable.

-Eric

>>  fs/xfs/xfs_aops.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
>> index c77499b..d15ae85 100644
>> --- a/fs/xfs/xfs_aops.c
>> +++ b/fs/xfs/xfs_aops.c
>> @@ -1935,7 +1935,7 @@ xfs_vm_set_page_dirty(
>>  	struct page		*page)
>>  {
>>  	struct address_space	*mapping = page->mapping;
>> -	struct inode		*inode = mapping->host;
>> +	struct inode		*inode;
>>  	loff_t			end_offset;
>>  	loff_t			offset;
>>  	int			newly_dirty;
>> @@ -1944,6 +1944,7 @@ xfs_vm_set_page_dirty(
>>  	if (unlikely(!mapping))
>>  		return !TestSetPageDirty(page);
>>  
>> +	inode = mapping->host;
>>  	end_offset = i_size_read(inode);
>>  	offset = page_offset(page);
>>  
>> -- 
>> 2.5.0
>>


