* [PATCH] bcachefs: fix NULL pointer dereference in try_alloc_bucket
@ 2023-05-30 12:15 Mikulas Patocka
From: Mikulas Patocka @ 2023-05-30 12:15 UTC (permalink / raw)
To: Kent Overstreet; +Cc: linux-bcachefs, dm-devel, linux-fsdevel
On Mon, 29 May 2023, Mikulas Patocka wrote:
> The oops happens in set_btree_iter_dontneed and it is caused by the fact
> that iter->path is NULL. The code in try_alloc_bucket is buggy because it
> sets "struct btree_iter iter = { NULL };" and then jumps to the "err"
> label that tries to dereference values in "iter".
Here I'm sending a patch for it.
From: Mikulas Patocka <mpatocka@redhat.com>
The function try_alloc_bucket sets the variable "iter" to NULL and then
(on various error conditions) jumps to the label "err". On the "err"
label, it calls "set_btree_iter_dontneed" that tries to dereference
"iter->trans" and "iter->path".
So, we get an oops on an error condition.
This patch fixes the crash by testing that iter.trans and iter.path are
non-zero before calling set_btree_iter_dontneed.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
---
fs/bcachefs/alloc_foreground.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: bcachefs/fs/bcachefs/alloc_foreground.c
===================================================================
--- bcachefs.orig/fs/bcachefs/alloc_foreground.c
+++ bcachefs/fs/bcachefs/alloc_foreground.c
@@ -371,7 +371,8 @@ static struct open_bucket *try_alloc_buc
if (!ob)
iter.path->preserve = false;
err:
- set_btree_iter_dontneed(&iter);
+ if (iter.trans && iter.path)
+ set_btree_iter_dontneed(&iter);
bch2_trans_iter_exit(trans, &iter);
printbuf_exit(&buf);
return ob;
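Review bot: the guard added at `err:` (`if (iter.trans && iter.path)`) fixes only this call site, while the root cause is that set_btree_iter_dontneed() dereferences iter->trans and iter->path on an iterator that is still all-zero from `struct btree_iter iter = { NULL };`; consider moving the NULL check into set_btree_iter_dontneed() itself, next to bch2_trans_iter_exit(), which the follow-up says is already safe on a zeroed iterator, so every other error path that bails out before the iterator is initialized is covered as well. The commit message should also name which error conditions reach `err:` before initialization, and please confirm that the unguarded `iter.path->preserve = false;` just above the label is only reachable after the iterator is live.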
* Re: [PATCH] bcachefs: fix NULL pointer dereference in try_alloc_bucket
From: Kent Overstreet @ 2023-06-01 17:53 UTC (permalink / raw)
To: Mikulas Patocka; +Cc: linux-bcachefs, dm-devel, linux-fsdevel
On Tue, May 30, 2023 at 08:15:41AM -0400, Mikulas Patocka wrote:
>
> On Mon, 29 May 2023, Mikulas Patocka wrote:
>
> > The oops happens in set_btree_iter_dontneed and it is caused by the fact
> > that iter->path is NULL. The code in try_alloc_bucket is buggy because it
> > sets "struct btree_iter iter = { NULL };" and then jumps to the "err"
> > label that tries to dereference values in "iter".
>
> Here I'm sending a patch for it.
>
> + set_btree_iter_dontneed(&iter);
> bch2_trans_iter_exit(trans, &iter);
I need to look at this code a bit more, perhaps we'll want to move the
check into set_btree_iter_dontneed(), since iter_exit() is safe to call
on an uninitialized-but-zeroed iterator.
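A stand-alone C model of the bug described in the commit message and of the callee-side guard proposed in the reply, added here as an example and not bcachefs code: the struct layouts, path_storage, try_alloc_bucket_model() and dontneed_calls_for() are constructed stand-ins, and the set_btree_iter_dontneed() below is the hypothetical hardened form, not the real function.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-ins for the three objects the hunk touches. */
struct btree_trans { int dontneed_calls; };
struct btree_path  { bool preserve; };
struct btree_iter  { struct btree_trans *trans; struct btree_path *path; };
static struct btree_path path_storage;  /* backing store for the one path */

/* Hardened form suggested in the reply: the NULL check lives in the callee, so
 * every error label reached with a still-zeroed iterator is covered, not only
 * the one call site patched in try_alloc_bucket(). */
static void set_btree_iter_dontneed(struct btree_iter *iter)
{
	if (!iter->trans || !iter->path)
		return;
	iter->trans->dontneed_calls++;
	iter->path->preserve = false;
}

/* Model of try_alloc_bucket(): fail_before_init takes the path that oopsed,
 * fail_after_init errors out with a live iterator. Returns 0 or -1. */
static int try_alloc_bucket_model(struct btree_trans *trans,
				  bool fail_before_init, bool fail_after_init)
{
	struct btree_iter iter = { NULL };  /* whole struct zeroed, as in the patch */
	int ret = -1;
	if (fail_before_init)
		goto err;                   /* iter.trans == iter.path == NULL here */
	iter.trans = trans;                 /* iterator becomes live from here on */
	iter.path = &path_storage;
	iter.path->preserve = true;
	if (fail_after_init)
		goto err;
	ret = 0;
err:
	set_btree_iter_dontneed(&iter);     /* safe on the zeroed iterator now */
	iter.trans = NULL;                  /* stands in for bch2_trans_iter_exit() */
	iter.path = NULL;
	return ret;
}

/* Run one scenario on a fresh transaction; report whether dontneed acted. */
static int dontneed_calls_for(bool fail_before_init, bool fail_after_init)
{
	struct btree_trans trans = { 0 };
	try_alloc_bucket_model(&trans, fail_before_init, fail_after_init);
	return trans.dontneed_calls;
}
```

With the check in the callee, the early-failure scenario skips the dontneed work entirely instead of dereferencing NULL, while the late-failure and success scenarios still clear preserve on the live path.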