From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Jeffle Xu <jefflexu@linux.alibaba.com>
Cc: jack@suse.cz, linux-ext4@vger.kernel.org, joseph.qi@linux.alibaba.com
Subject: Re: [PATCH v2] ext4: fix error pointer dereference
Date: Thu, 14 May 2020 10:59:31 -0400
Message-ID: <20200514145931.GA2072305@mit.edu>
In-Reply-To: <1587628004-95123-1-git-send-email-jefflexu@linux.alibaba.com>

On Thu, Apr 23, 2020 at 03:46:44PM +0800, Jeffle Xu wrote:
> Don't pass error pointers to brelse().
> 
> commit 7159a986b420 ("ext4: fix some error pointer dereferences") has fixed
> some cases, fix the remaining one case.
> 
> Once ext4_xattr_block_find()->ext4_sb_bread() failed, error pointer is
> stored in @bs->bh, which will be passed to brelse() in the cleanup
> routine of ext4_xattr_set_handle(). This will then cause a NULL panic
> crash in __brelse().
> 
> BUG: unable to handle kernel NULL pointer dereference at 000000000000005b
> RIP: 0010:__brelse+0x1b/0x50
> Call Trace:
>  ext4_xattr_set_handle+0x163/0x5d0
>  ext4_xattr_set+0x95/0x110
>  __vfs_setxattr+0x6b/0x80
>  __vfs_setxattr_noperm+0x68/0x1b0
>  vfs_setxattr+0xa0/0xb0
>  setxattr+0x12c/0x1a0
>  path_setxattr+0x8d/0xc0
>  __x64_sys_setxattr+0x27/0x30
>  do_syscall_64+0x60/0x250
>  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> 
> In this case, @bs->bh stores '-EIO' actually.
> 
> Fixes: fb265c9cb49e ("ext4: add ext4_sb_bread() to disambiguate ENOMEM cases")
> Signed-off-by: Jeffle Xu <jefflexu@linux.alibaba.com>
> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
> Cc: stable@kernel.org # 2.6.19
> Reviewed-by: Ritesh Harjani <riteshh@linux.ibm.com>
> Reviewed-by: Jan Kara <jack@suse.cz>

Applied, thanks.

						- Ted
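
The fault address in the quoted oops follows from the commit message's statement that @bs->bh holds -EIO, as this user-space C model shows. It is an added example, not code from the patch or the kernel. The error-pointer helpers are re-implemented locally, `mock_buffer_head`, `find_state`, `find_unsafe` and `find_safe` are hypothetical names, and the struct layout is an assumed 64-bit layout of struct buffer_head.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_ERRNO 4095

/* Local re-implementation of the kernel's error-pointer helpers. */
static void *ERR_PTR(long err)     { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p)   { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Assumed layout: struct buffer_head field order, sized for a 64-bit kernel. */
struct mock_buffer_head {
    uint64_t b_state, b_this_page, b_page, b_blocknr, b_size, b_data;
    uint64_t b_bdev, b_end_io, b_private, b_assoc_buffers[2], b_assoc_map;
    int32_t  b_count;             /* reference count read on release */
};

/* Address touched when ->b_count is read through an error pointer. */
static uint64_t fault_address(long err)
{
    return (uint64_t)(int64_t)err + offsetof(struct mock_buffer_head, b_count);
}

struct find_state { void *bh; };  /* hypothetical stand-in for the @bs state */
/* Unsafe: the failed read leaves the error pointer in bs->bh for cleanup. */
static long find_unsafe(struct find_state *bs)
{
    bs->bh = ERR_PTR(-EIO);       /* constructed read failure */
    return IS_ERR(bs->bh) ? PTR_ERR(bs->bh) : 0;
}

/* Safe: report the errno, then clear bs->bh so cleanup releases NULL. */
static long find_safe(struct find_state *bs)
{
    long err = find_unsafe(bs);   /* same constructed failure */
    if (err)
        bs->bh = NULL;
    return err;
}

int main(void)
{
    struct find_state bs;
    long err = find_safe(&bs);
    printf("fault=0x%llx err=%ld\n", (unsigned long long)fault_address(-EIO), err);
    return 0;
}
```

Under the assumed layout, the computed address is 0x5b, the same value the oops reports: a small negative errno plus a field offset wraps to a low address, which is why the crash is logged as a NULL pointer dereference.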
