btrfs: oops in device_list_add()
diff mbox series

Message ID 20190127045755.GH2217@ZenIV.linux.org.uk
State New
Headers show
Series
  • btrfs: oops in device_list_add()
Related show

Commit Message

Al Viro Jan. 27, 2019, 4:58 a.m. UTC
alloc_fs_devices() can return ERR_PTR(-ENOMEM), so
dereferencing its result before the check for IS_ERR() is
a bad idea...

Fixes: d1a63002829a4
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---

Comments

Nikolay Borisov Jan. 27, 2019, 12:59 p.m. UTC | #1
On 27.01.19 г. 6:58 ч., Al Viro wrote:
> 	alloc_fs_devices() can return ERR_PTR(-ENOMEM), so
> dereferencing its result before the check for IS_ERR() is
> a bad idea...
> 
> Fixes: d1a63002829a4
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Thought this was already fixed, doh...

Reviewed-by: Nikolay Borisov <nborisov@suse.com>

> ---
> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
> index 85149f27644d..72adc5643bde 100644
> --- a/fs/btrfs/volumes.c
> +++ b/fs/btrfs/volumes.c
> @@ -955,11 +955,11 @@ static noinline struct btrfs_device *device_list_add(const char *path,
>  		else
>  			fs_devices = alloc_fs_devices(disk_super->fsid, NULL);
>  
> -		fs_devices->fsid_change = fsid_change_in_progress;
> -
>  		if (IS_ERR(fs_devices))
>  			return ERR_CAST(fs_devices);
>  
> +		fs_devices->fsid_change = fsid_change_in_progress;
> +
>  		mutex_lock(&fs_devices->device_list_mutex);
>  		list_add(&fs_devices->fs_list, &fs_uuids);
>  
>
Anand Jain Jan. 28, 2019, 11:47 a.m. UTC | #2
On 1/27/19 12:58 PM, Al Viro wrote:
> 	alloc_fs_devices() can return ERR_PTR(-ENOMEM), so
> dereferencing its result before the check for IS_ERR() is
> a bad idea...
> 
> Fixes: d1a63002829a4
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

  nice catch.
  Reviewed-by: Anand Jain <anand.jain@oracle.com>

> ---
> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
> index 85149f27644d..72adc5643bde 100644
> --- a/fs/btrfs/volumes.c
> +++ b/fs/btrfs/volumes.c
> @@ -955,11 +955,11 @@ static noinline struct btrfs_device *device_list_add(const char *path,
>   		else
>   			fs_devices = alloc_fs_devices(disk_super->fsid, NULL);
>   
> -		fs_devices->fsid_change = fsid_change_in_progress;
> -
>   		if (IS_ERR(fs_devices))
>   			return ERR_CAST(fs_devices);
>   
> +		fs_devices->fsid_change = fsid_change_in_progress;
> +
>   		mutex_lock(&fs_devices->device_list_mutex);
>   		list_add(&fs_devices->fs_list, &fs_uuids);
>   
>
David Sterba Jan. 28, 2019, 3:04 p.m. UTC | #3
On Sun, Jan 27, 2019 at 04:58:00AM +0000, Al Viro wrote:
> 	alloc_fs_devices() can return ERR_PTR(-ENOMEM), so
> dereferencing its result before the check for IS_ERR() is
> a bad idea...
> 
> Fixes: d1a63002829a4
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Thanks, added to 5.0-rc queue.

Patch
diff mbox series

diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 85149f27644d..72adc5643bde 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -955,11 +955,11 @@  static noinline struct btrfs_device *device_list_add(const char *path,
 		else
 			fs_devices = alloc_fs_devices(disk_super->fsid, NULL);
 
-		fs_devices->fsid_change = fsid_change_in_progress;
-
 		if (IS_ERR(fs_devices))
 			return ERR_CAST(fs_devices);
 
+		fs_devices->fsid_change = fsid_change_in_progress;
+
 		mutex_lock(&fs_devices->device_list_mutex);
 		list_add(&fs_devices->fs_list, &fs_uuids);