From patchwork Sat Feb 24 11:43:56 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Anand Jain <Anand.Jain@oracle.com>
X-Patchwork-Id: 10240365
Return-Path: <linux-btrfs-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	3F8D1602B8 for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Sat, 24 Feb 2018 11:42:47 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 216D429975
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Sat, 24 Feb 2018 11:42:47 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 15F74299E3; Sat, 24 Feb 2018 11:42:47 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI, T_DKIM_INVALID,
	UNPARSEABLE_RELAY autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7B58C299DC
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Sat, 24 Feb 2018 11:42:46 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751296AbeBXLmf (ORCPT
	<rfc822;patchwork-linux-btrfs@patchwork.kernel.org>);
	Sat, 24 Feb 2018 06:42:35 -0500
Received: from userp2130.oracle.com ([156.151.31.86]:57162 "EHLO
	userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750905AbeBXLmd (ORCPT
	<rfc822;linux-btrfs@vger.kernel.org>);
	Sat, 24 Feb 2018 06:42:33 -0500
Received: from pps.filterd (userp2130.oracle.com [127.0.0.1])
	by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id
	w1OBgX2K171038
	for <linux-btrfs@vger.kernel.org>; Sat, 24 Feb 2018 11:42:33 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;
	h=from : to : subject :
	date : message-id : in-reply-to : references; s=corp-2017-10-26;
	bh=vi9+p4H7mIFt2PYlG1lzf79SSkqfgAGyTOdEjQZests=;
	b=kLjZmshm/aHWSHT2oUOZB5F+RDroBcyyCVzbBLC/gpHn9I171TL5CFahnxsJJmDyeCxO
	ybYrRbx2y+Ec/VCTVuRpbsjaosFlkR2L/KgBkdP0CFGZLHUsbzhoWLMjrWE01z3etQQP
	pu497tPV1yNBp/JKEqzHL/6tdDJaxFIRq7e6E4MD6iNi4rRIBfVeSCBcdZp1/01slBTs
	dL+xylMyMzX6KD8zvEwfRYub6hQyF0zK7DeNo1XRM7cdD+rxT3V0arWwE/04BEeZVI3U
	BCEI3gC6u/12fe8xtwmpFWnYTJMBD2ZTCCM7n/jgcIN0f1HqEEE2SYtP4w5glB3JWhGq
	zA==
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
	by userp2130.oracle.com with ESMTP id 2gb710g1js-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK)
	for <linux-btrfs@vger.kernel.org>; Sat, 24 Feb 2018 11:42:33 +0000
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72])
	by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w1OBgVO9032726
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=FAIL)
	for <linux-btrfs@vger.kernel.org>; Sat, 24 Feb 2018 11:42:31 GMT
Received: from abhmp0012.oracle.com (abhmp0012.oracle.com [141.146.116.18])
	by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id
	w1OBgVVt002454
	for <linux-btrfs@vger.kernel.org>; Sat, 24 Feb 2018 11:42:31 GMT
Received: from localhost.localdomain (/202.156.140.248)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Sat, 24 Feb 2018 03:42:30 -0800
From: Anand Jain <anand.jain@oracle.com>
To: linux-btrfs@vger.kernel.org
Subject: [PATCH v2] btrfs: fix null pointer deref when target device is
	missing
Date: Sat, 24 Feb 2018 19:43:56 +0800
Message-Id: <20180224114356.18029-1-anand.jain@oracle.com>
X-Mailer: git-send-email 2.15.0
In-Reply-To: <20180223225545.GP1469@twin.jikos.cz>
References: <20180223225545.GP1469@twin.jikos.cz>
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8813
	signatures=668678
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
	suspectscore=1 malwarescore=0
	phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999
	adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.0.1-1711220000 definitions=main-1802240154
Sender: linux-btrfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-btrfs.vger.kernel.org>
X-Mailing-List: linux-btrfs@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

The replace target device can be missing when mounted with -o degraded,
but we wont allocate a missing btrfs_device to it. So check the device
before access.

BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0
IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs]
Call Trace:
btrfs_dev_replace_cancel+0x15f/0x180 [btrfs]
btrfs_ioctl+0x2216/0x2590 [btrfs]
do_vfs_ioctl+0x625/0x650
SyS_ioctl+0x4e/0x80
do_syscall_64+0x5d/0x160
entry_SYSCALL64_slow_path+0x25/0x25

Signed-off-by: Anand Jain <anand.jain@oracle.com>
---
v1->v2: Fix change log. Fix $subject.
  Old $subject
    btrfs: fix NPD when target device is missing

 fs/btrfs/dev-replace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
index c97969b2abbd..e279f04b3388 100644
--- a/fs/btrfs/dev-replace.c
+++ b/fs/btrfs/dev-replace.c
@@ -312,7 +312,7 @@ void btrfs_after_dev_replace_commit(struct btrfs_fs_info *fs_info)
 
 static char* btrfs_dev_name(struct btrfs_device *device)
 {
-	if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state))
+	if (!device || test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state))
 		return "<missing disk>";
 	else
 		return rcu_str_deref(device->name);