From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755738AbbICNuL (ORCPT ); Thu, 3 Sep 2015 09:50:11 -0400
Received: from sandeen.net ([63.231.237.45]:46075 "EHLO sandeen.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755684AbbICNuK (ORCPT ); Thu, 3 Sep 2015 09:50:10 -0400
X-Greylist: delayed 305 seconds by postgrey-1.27 at vger.kernel.org; Thu, 03 Sep 2015 09:50:09 EDT
Subject: Re: [PATCH] xfs: fix null pointer dereference when mapping is NULL
To: Brian Foster , Colin King
References: <1441274260-10120-1-git-send-email-colin.king@canonical.com> <20150903104537.GA46225@bfoster.bfoster>
Cc: linux-kernel@vger.kernel.org, xfs@oss.sgi.com
From: Eric Sandeen
Message-ID: <55E84EDE.2080404@sandeen.net>
Date: Thu, 3 Sep 2015 08:45:02 -0500
MIME-Version: 1.0
In-Reply-To: <20150903104537.GA46225@bfoster.bfoster>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On 9/3/15 5:45 AM, Brian Foster wrote:
> On Thu, Sep 03, 2015 at 10:57:40AM +0100, Colin King wrote:
>> From: Colin Ian King
>>
>> xfs_vm_set_page_dirty checks to see if mapping is NULL however
>> before this unlikely check it already dereferenced mapping when
>> initializing inode. Move the inode initialization after the mapping
>> null check to avoid a potential null pointer dereference.
>>
>> Fixes: 22e757a49cf0 ("xfs: don't dirty buffers beyond EOF")
>> Signed-off-by: Colin Ian King
>> ---
>
> Reviewed-by: Brian Foster

Reviewed-by: Eric Sandeen

Should probably cc: stable on this one too, the commit it fixes went in at 3.17, and it also cc'd stable.

-Eric

>> fs/xfs/xfs_aops.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c >> index c77499b..d15ae85 100644 >> --- a/fs/xfs/xfs_aops.c >> +++ b/fs/xfs/xfs_aops.c 
>> @@ -1935,7 +1935,7 @@ xfs_vm_set_page_dirty( >> struct page *page) >> { >> struct address_space *mapping = page->mapping; >> - struct inode *inode = mapping->host; >> + struct inode *inode; >> loff_t end_offset; >> loff_t offset; >> int newly_dirty; >> @@ -1944,6 +1944,7 @@ xfs_vm_set_page_dirty( >> if (unlikely(!mapping)) >> return !TestSetPageDirty(page); >> >> + inode = mapping->host; >> end_offset = i_size_read(inode); >> offset = page_offset(page); >> >> -- >> 2.5.0 >> >> _______________________________________________ >> xfs mailing list >> xfs@oss.sgi.com >> http://oss.sgi.com/mailman/listinfo/xfs > > _______________________________________________ > xfs mailing list > xfs@oss.sgi.com > http://oss.sgi.com/mailman/listinfo/xfs >
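
Review bot: in the second hunk, the `if (unlikely(!mapping))` early return that `inode = mapping->host;` now has to stay below carries no comment saying when page->mapping can be NULL in xfs_vm_set_page_dirty(), so a later cleanup could fold the assignment back into the declaration and reintroduce the dereference the first hunk removes. A one-line comment above the check would document the ordering. The changelog has a Fixes: tag for 22e757a49cf0 but no Cc: stable line, which Eric's reply asks for; add it on resend.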