diff mbox

[3/3] xfs: check _alloc_read_agf buffer pointer before using

Message ID 150040226878.1216.15454073908001325566.stgit@magnolia (mailing list archive)
State Accepted, archived
Headers show

Commit Message

Darrick J. Wong July 18, 2017, 6:24 p.m. UTC
From: Darrick J. Wong <darrick.wong@oracle.com>

In some circumstances, _alloc_read_agf can return an error code of zero
but also a null AGF buffer pointer.  Check for this and jump out.

Fixes-coverity-id: 1415250
Fixes-coverity-id: 1415320
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 fs/xfs/libxfs/xfs_refcount.c |    4 ++++
 fs/xfs/xfs_reflink.c         |    2 ++
 2 files changed, 6 insertions(+)



--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Brian Foster July 19, 2017, 1:20 p.m. UTC | #1
On Tue, Jul 18, 2017 at 11:24:28AM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
> 
> In some circumstances, _alloc_read_agf can return an error code of zero
> but also a null AGF buffer pointer.  Check for this and jump out.
> 

It looks like this is only possible in trylock cases. Otherwise (and
unless I'm missing something), it should always return a buffer or
error.

This is circuitous regardless and so seems fine if it shuts up a
coverity warning:

Reviewed-by: Brian Foster <bfoster@redhat.com>

> Fixes-coverity-id: 1415250
> Fixes-coverity-id: 1415320
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> ---
>  fs/xfs/libxfs/xfs_refcount.c |    4 ++++
>  fs/xfs/xfs_reflink.c         |    2 ++
>  2 files changed, 6 insertions(+)
> 
> 
> diff --git a/fs/xfs/libxfs/xfs_refcount.c b/fs/xfs/libxfs/xfs_refcount.c
> index 900ea23..45b1c3b 100644
> --- a/fs/xfs/libxfs/xfs_refcount.c
> +++ b/fs/xfs/libxfs/xfs_refcount.c
> @@ -1638,6 +1638,10 @@ xfs_refcount_recover_cow_leftovers(
>  	error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
>  	if (error)
>  		goto out_trans;
> +	if (!agbp) {
> +		error = -ENOMEM;
> +		goto out_trans;
> +	}
>  	cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
>  
>  	/* Find all the leftover CoW staging extents. */
> diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c
> index d9b3d57..f45fbf0 100644
> --- a/fs/xfs/xfs_reflink.c
> +++ b/fs/xfs/xfs_reflink.c
> @@ -170,6 +170,8 @@ xfs_reflink_find_shared(
>  	error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
>  	if (error)
>  		return error;
> +	if (!agbp)
> +		return -ENOMEM;
>  
>  	cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
>  
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Darrick J. Wong July 19, 2017, 3:48 p.m. UTC | #2
On Wed, Jul 19, 2017 at 09:20:32AM -0400, Brian Foster wrote:
> On Tue, Jul 18, 2017 at 11:24:28AM -0700, Darrick J. Wong wrote:
> > From: Darrick J. Wong <darrick.wong@oracle.com>
> > 
> > In some circumstances, _alloc_read_agf can return an error code of zero
> > but also a null AGF buffer pointer.  Check for this and jump out.
> > 
> 
> It looks like this is only possible in trylock cases. Otherwise (and
> unless I'm missing something), it should always return a buffer or
> error.
> 
> This is circuitous regardless and so seems fine if it shuts up a
> coverity warning:

<shrug> I argue it's also defensive, in case we ever /do/ change the
semantics to allow more "zero return and no bp" cases, then these parts
won't suddenly start blowing up.

I think the Coverity analysis is just plain wrong (it claims that we can
somehow corrupt return values to end up with a zero return having
started with -EIO) but I did spot the trylock case and figured we could
be defensive about that.

--D

> Reviewed-by: Brian Foster <bfoster@redhat.com>
> 
> > Fixes-coverity-id: 1415250
> > Fixes-coverity-id: 1415320
> > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> > ---
> >  fs/xfs/libxfs/xfs_refcount.c |    4 ++++
> >  fs/xfs/xfs_reflink.c         |    2 ++
> >  2 files changed, 6 insertions(+)
> > 
> > 
> > diff --git a/fs/xfs/libxfs/xfs_refcount.c b/fs/xfs/libxfs/xfs_refcount.c
> > index 900ea23..45b1c3b 100644
> > --- a/fs/xfs/libxfs/xfs_refcount.c
> > +++ b/fs/xfs/libxfs/xfs_refcount.c
> > @@ -1638,6 +1638,10 @@ xfs_refcount_recover_cow_leftovers(
> >  	error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
> >  	if (error)
> >  		goto out_trans;
> > +	if (!agbp) {
> > +		error = -ENOMEM;
> > +		goto out_trans;
> > +	}
> >  	cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
> >  
> >  	/* Find all the leftover CoW staging extents. */
> > diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c
> > index d9b3d57..f45fbf0 100644
> > --- a/fs/xfs/xfs_reflink.c
> > +++ b/fs/xfs/xfs_reflink.c
> > @@ -170,6 +170,8 @@ xfs_reflink_find_shared(
> >  	error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
> >  	if (error)
> >  		return error;
> > +	if (!agbp)
> > +		return -ENOMEM;
> >  
> >  	cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
> >  
> > 
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/fs/xfs/libxfs/xfs_refcount.c b/fs/xfs/libxfs/xfs_refcount.c
index 900ea23..45b1c3b 100644
--- a/fs/xfs/libxfs/xfs_refcount.c
+++ b/fs/xfs/libxfs/xfs_refcount.c
@@ -1638,6 +1638,10 @@  xfs_refcount_recover_cow_leftovers(
 	error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
 	if (error)
 		goto out_trans;
+	if (!agbp) {
+		error = -ENOMEM;
+		goto out_trans;
+	}
 	cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
 
 	/* Find all the leftover CoW staging extents. */
diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c
index d9b3d57..f45fbf0 100644
--- a/fs/xfs/xfs_reflink.c
+++ b/fs/xfs/xfs_reflink.c
@@ -170,6 +170,8 @@  xfs_reflink_find_shared(
 	error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
 	if (error)
 		return error;
+	if (!agbp)
+		return -ENOMEM;
 
 	cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);