Message ID | 20190425170806.1213-1-anand.jain@oracle.com (mailing list archive) |
---|---|
State | New, archived |
Series | btrfs: fix null pointer dereference in write_pinned_extent_entries |
On Fri, Apr 26, 2019 at 01:08:06AM +0800, Anand Jain wrote:
> btrfs/049 fails with null pointer dereference
>
> kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
> ::
> kernel: RIP: 0010:write_pinned_extent_entries+0x27/0x100 [btrfs]
> ::
> kernel: Call Trace:
> kernel: __btrfs_write_out_cache+0x273/0x450 [btrfs]
> kernel: btrfs_write_out_ino_cache+0x84/0xd0 [btrfs]
> kernel: btrfs_save_ino_cache+0x414/0x500 [btrfs]
> kernel: commit_fs_roots+0xc6/0x190 [btrfs]
> kernel: btrfs_commit_transaction+0x4de/0xac0 [btrfs]
> kernel: btrfs_sync_file+0x35b/0x3d0 [btrfs]
> kernel: do_fsync+0x38/0x60
> kernel: __x64_sys_fsync+0x10/0x20
>
> %block_group::fs_info should be accessed only when block_group is not null.
>
> (Fixes: de965ddc6f29 btrfs: get fs_info from block group in
> write_pinned_extent_entries)

Thanks, I fixed it in misc-next already.
diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index ea7fecf63fbb..a065041e7c80 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -1044,7 +1044,7 @@ static noinline_for_stack int write_pinned_extent_entries( struct btrfs_io_ctl *io_ctl, int *entries) { - struct btrfs_fs_info *fs_info = block_group->fs_info; + struct btrfs_fs_info *fs_info; u64 start, extent_start, extent_end, len; struct extent_io_tree *unpin = NULL; int ret; @@ -1052,6 +1052,7 @@ static noinline_for_stack int write_pinned_extent_entries( if (!block_group) return 0; + fs_info = block_group->fs_info; /* * We want to add any pinned extents to our free space cache * so we don't leak the space
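Review bot: the `if (!block_group) return 0;` check in the second hunk accepts a NULL block_group without saying why it can be NULL. The call trace in the commit message shows the function being reached through btrfs_write_out_ino_cache, so a one-line comment above the check naming that caller would explain the early return and discourage moving the `block_group->fs_info` lookup back into the declarations, which is the pattern the first hunk removes. The new assignment is otherwise placed correctly: after the check and ahead of any use of fs_info visible in the hunk.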
btrfs/049 fails with null pointer dereference

kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
::
kernel: RIP: 0010:write_pinned_extent_entries+0x27/0x100 [btrfs]
::
kernel: Call Trace:
kernel: __btrfs_write_out_cache+0x273/0x450 [btrfs]
kernel: btrfs_write_out_ino_cache+0x84/0xd0 [btrfs]
kernel: btrfs_save_ino_cache+0x414/0x500 [btrfs]
kernel: commit_fs_roots+0xc6/0x190 [btrfs]
kernel: btrfs_commit_transaction+0x4de/0xac0 [btrfs]
kernel: btrfs_sync_file+0x35b/0x3d0 [btrfs]
kernel: do_fsync+0x38/0x60
kernel: __x64_sys_fsync+0x10/0x20

%block_group::fs_info should be accessed only when block_group is not null.

(Fixes: de965ddc6f29 btrfs: get fs_info from block group in
write_pinned_extent_entries)

Signed-off-by: Anand Jain <anand.jain@oracle.com>
---
 fs/btrfs/free-space-cache.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)