From patchwork Tue Jun 6 19:52:52 2017
X-Patchwork-Submitter: Liu Bo
X-Patchwork-Id: 9769979
From: Liu Bo
To: linux-btrfs@vger.kernel.org
Cc: David Sterba
Subject: [PATCH] Btrfs: fix Null pointer dereference in dio read endio
Date: Tue, 6 Jun 2017 13:52:52 -0600
Message-Id: <20170606195252.17563-1-bo.li.liu@oracle.com>

With switching to use btrfs_bio_clone_partial() to split bio in directIO path, read endio is also adapted to that by recording an iterator in btrfs_bio, however, it breaks those bios which are less than stripe length thus no need to be split and results in NULL pointer dereference.

This fixes the issue by recording the required bio iterator in btrfs_bio_clone() which is used to clone non-split bio in directIO path. It doesn't affect other calls of btrfs_bio_clone() because they don't need to use this iterator.

This bug was caught by fstests/generic/091.

Cc: David Sterba
Signed-off-by: Liu Bo
---
Based on David's for-next.
Fixes: commit "Btrfs: change how we iterate bios in endio"
Have run through fstests without introducing new problems.

fs/btrfs/extent_io.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 806e8d6..a91c3a1 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -2719,6 +2719,7 @@ struct bio *btrfs_bio_clone(struct bio *bio, gfp_t gfp_mask) btrfs_bio->csum = NULL; btrfs_bio->csum_allocated = NULL; btrfs_bio->end_io = NULL; + btrfs_bio->iter = bio->bi_iter; } return new; }
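Review bot: the added `btrfs_bio->iter = bio->bi_iter;` in btrfs_bio_clone() has no comment, and nothing in the visible function says who consumes `iter`. The commit message states that only the direct-IO read endio needs it for unsplit bios and that the other callers of btrfs_bio_clone() ignore it, so a one-line comment above the assignment saying so would keep a later cleanup from dropping it as unused state and bringing back the NULL pointer dereference. Separately, the Fixes: line sits below the `---` and names the commit only by subject, so it is lost when the patch is applied; consider moving it into the trailer block next to Signed-off-by in the usual form with the commit hash and subject.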