linux-kernel.vger.kernel.org archive mirror
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Pavel Skripkin <paskripkin@gmail.com>,
	syzbot+0a89a7b56db04c21a656@syzkaller.appspotmail.com,
	Dave Kleikamp <dave.kleikamp@oracle.com>,
	Sasha Levin <sashal@kernel.org>,
	jfs-discussion@lists.sourceforge.net
Subject: [PATCH AUTOSEL 4.9 24/26] jfs: fix GPF in diFree
Date: Fri,  9 Jul 2021 22:36:02 -0400
Message-ID: <20210710023604.3172486-24-sashal@kernel.org>
In-Reply-To: <20210710023604.3172486-1-sashal@kernel.org>

From: Pavel Skripkin <paskripkin@gmail.com>

[ Upstream commit 9d574f985fe33efd6911f4d752de6f485a1ea732 ]

Avoid passing inode with
JFS_SBI(inode->i_sb)->ipimap == NULL to
diFree()[1]. GPF will appear:

	struct inode *ipimap = JFS_SBI(ip->i_sb)->ipimap;
	struct inomap *imap = JFS_IP(ipimap)->i_imap;

JFS_IP() will return invalid pointer when ipimap == NULL

Call Trace:
 diFree+0x13d/0x2dc0 fs/jfs/jfs_imap.c:853 [1]
 jfs_evict_inode+0x2c9/0x370 fs/jfs/inode.c:154
 evict+0x2ed/0x750 fs/inode.c:578
 iput_final fs/inode.c:1654 [inline]
 iput.part.0+0x3fe/0x820 fs/inode.c:1680
 iput+0x58/0x70 fs/inode.c:1670

Reported-and-tested-by: syzbot+0a89a7b56db04c21a656@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/jfs/inode.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/jfs/inode.c b/fs/jfs/inode.c
index 054cc761b426..87b41edc800d 100644
--- a/fs/jfs/inode.c
+++ b/fs/jfs/inode.c
@@ -161,7 +161,8 @@ void jfs_evict_inode(struct inode *inode)
 			if (test_cflag(COMMIT_Freewmap, inode))
 				jfs_free_zero_link(inode);
 
-			diFree(inode);
+			if (JFS_SBI(inode->i_sb)->ipimap)
+				diFree(inode);
 
 			/*
 			 * Free the inode from the quota allocation.
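
Review bot: the new guard "if (JFS_SBI(inode->i_sb)->ipimap)" around diFree() has no comment saying when ipimap can be NULL at eviction time, so the check reads as arbitrary without the call trace from the changelog; a one-line comment above it would help. Only diFree() is skipped when the guard is false: the "Free the inode from the quota allocation" step that follows still runs in the NULL case, and it is worth confirming in the changelog that this is intended.
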
-- 
2.30.2
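
Why the guard tests ipimap itself rather than the pointer JFS_IP() returns, shown as an added user-space model (not code from this patch or from the kernel): JFS_IP() is a container_of() conversion, so a NULL inode comes back as a non-NULL, invalid address. The struct fields and the model_JFS_IP, late_check_skips and early_check_skips names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins: field names and sizes are constructed, not the kernel's. */
struct inode { unsigned long i_ino; };
struct inomap { int im_nbperiext; };

struct jfs_inode_info {
	int fileset;               /* members placed before the embedded inode */
	struct inomap *i_imap;
	struct inode vfs_inode;    /* embedded VFS inode, at a non-zero offset */
};

/* container_of-style conversion, done on integers so a NULL input is well defined here. */
static struct jfs_inode_info *model_JFS_IP(struct inode *inode)
{
	return (struct jfs_inode_info *)
		((uintptr_t)inode - offsetof(struct jfs_inode_info, vfs_inode));
}

/* Guard on the converted pointer: never fires, because NULL - offset != NULL. */
static int late_check_skips(struct inode *ipimap)
{
	return model_JFS_IP(ipimap) == NULL;
}

/* Guard on ipimap itself, as the patch does before calling diFree(). */
static int early_check_skips(struct inode *ipimap)
{
	return ipimap == NULL;
}

int main(void)
{
	printf("offset of vfs_inode: %zu\n",
	       offsetof(struct jfs_inode_info, vfs_inode));
	printf("model_JFS_IP(NULL) = %p\n", (void *)model_JFS_IP(NULL));
	printf("late check skips: %d, early check skips: %d\n",
	       late_check_skips(NULL), early_check_skips(NULL));
	return 0;
}
```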

