From patchwork Mon Jul 29 10:50:10 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "jeff.liu" <jeff.liu@oracle.com>
X-Patchwork-Id: 2834886
Return-Path: <ocfs2-devel-bounces@oss.oracle.com>
X-Original-To: patchwork-ocfs2-devel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 79E87C0319
	for <patchwork-ocfs2-devel@patchwork.kernel.org>;
	Mon, 29 Jul 2013 10:50:55 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 695A320201
	for <patchwork-ocfs2-devel@patchwork.kernel.org>;
	Mon, 29 Jul 2013 10:50:54 +0000 (UTC)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 7BD50201F4
	for <patchwork-ocfs2-devel@patchwork.kernel.org>;
	Mon, 29 Jul 2013 10:50:52 +0000 (UTC)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238])
	by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1)
	with ESMTP id r6TAoCkn001776
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 29 Jul 2013 10:50:13 GMT
Received: from oss.oracle.com (oss-external.oracle.com [137.254.96.51])
	by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id
	r6TAo6pl004116
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Mon, 29 Jul 2013 10:50:07 GMT
Received: from localhost ([127.0.0.1] helo=oss.oracle.com)
	by oss.oracle.com with esmtp (Exim 4.63)
	(envelope-from <ocfs2-devel-bounces@oss.oracle.com>)
	id 1V3l1i-0003lV-Py; Mon, 29 Jul 2013 03:50:06 -0700
Received: from acsinet22.oracle.com ([141.146.126.238])
	by oss.oracle.com with esmtp (Exim 4.63)
	(envelope-from <jeff.liu@oracle.com>) id 1V3l1S-0003kb-GH
	for ocfs2-devel@oss.oracle.com; Mon, 29 Jul 2013 03:49:50 -0700
Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85])
	by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id
	r6TAnnGV003425
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Mon, 29 Jul 2013 10:49:49 GMT
Received: from abhmt120.oracle.com (abhmt120.oracle.com [141.146.116.72])
	by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id
	r6TAnmET009900; Mon, 29 Jul 2013 10:49:48 GMT
Received: from [192.168.1.101] (/221.223.98.214)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Mon, 29 Jul 2013 03:49:48 -0700
Message-ID: <51F648E2.8030704@oracle.com>
Date: Mon, 29 Jul 2013 18:50:10 +0800
From: Jeff Liu <jeff.liu@oracle.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:11.0) Gecko/20120410 Thunderbird/11.0.1
MIME-Version: 1.0
To: David Weber <wb@munzinger.de>
References: <1394429.Cu7O6gPXEE@o3-3>
In-Reply-To: <1394429.Cu7O6gPXEE@o3-3>
Cc: Al Viro <viro@ZenIV.linux.org.uk>, ocfs2-devel@oss.oracle.com
Subject: Re: [Ocfs2-devel] NULL pointer dereference at
	ocfs2_dir_foreach_blk_id
X-BeenThere: ocfs2-devel@oss.oracle.com
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <ocfs2-devel.oss.oracle.com>
List-Unsubscribe: <https://oss.oracle.com/mailman/listinfo/ocfs2-devel>,
	<mailto:ocfs2-devel-request@oss.oracle.com?subject=unsubscribe>
List-Archive: <http://oss.oracle.com/pipermail/ocfs2-devel>
List-Post: <mailto:ocfs2-devel@oss.oracle.com>
List-Help: <mailto:ocfs2-devel-request@oss.oracle.com?subject=help>
List-Subscribe: <https://oss.oracle.com/mailman/listinfo/ocfs2-devel>,
	<mailto:ocfs2-devel-request@oss.oracle.com?subject=subscribe>
Sender: ocfs2-devel-bounces@oss.oracle.com
Errors-To: ocfs2-devel-bounces@oss.oracle.com
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
X-Spam-Status: No, score=-5.7 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Hi David,

Thanks for your report, could you try the fix below?

From: Jie Liu <jeff.liu@oracle.com>

This patch fix an NULL pointer deference while removing an empty
directory, which was introduced by commits:
	commit: 3704412bdbf37ec836152f571ac74fe72220c05a
	[readdir] convert ocfs2

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<          (null)>]           (null)
PGD 6da85067 PUD 6da89067 PMD 0 
Oops: 0010 [#1] SMP 
CPU: 0 PID: 6564 Comm: rmdir Tainted: G           O 3.11.0-rc1 #4
RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
Call Trace:
[<ffffffffa038a30e>] ? ocfs2_dir_foreach_blk_id+0x17e/0x220 [ocfs2]
[<ffffffffa038e5f9>] ocfs2_dir_foreach+0x49/0x50 [ocfs2]
[<ffffffffa038ec2c>] ocfs2_empty_dir+0x12c/0x3e0 [ocfs2]
[<ffffffffa03b3ade>] ocfs2_unlink+0x56e/0xc10 [ocfs2]
[<ffffffff811b3a05>] vfs_rmdir+0xd5/0x140
[<ffffffff811b3c3b>] do_rmdir+0x1cb/0x1e0
[<ffffffff813697f4>] ? lockdep_sys_exit_thunk+0x35/0x67
[<ffffffff8136977e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<ffffffff811b6996>] SyS_rmdir+0x16/0x20
[<ffffffff816e2a82>] system_call_fastpath+0x16/0x1b
Code:  Bad RIP value.
RIP  [<          (null)>]           (null)
RSP <ffff88006daddc10>
CR2: 0000000000000000
---[ end trace dbb276999e4cdc71 ]---

Reported-by: David Weber <wb@munzinger.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jie Liu <jeff.liu@oracle.com>
---
 fs/ocfs2/dir.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
index eb760d8..c91d986 100644
--- a/fs/ocfs2/dir.c
+++ b/fs/ocfs2/dir.c
@@ -2153,10 +2153,12 @@ int ocfs2_empty_dir(struct inode *inode)
 {
 	int ret;
 	struct ocfs2_empty_dir_priv priv = {
-		.ctx.actor = ocfs2_empty_dir_filldir
+		.ctx.actor = ocfs2_empty_dir_filldir,
+		.ctx.pos = 0,
 	};
 
-	memset(&priv, 0, sizeof(priv));
+	memset(&priv + sizeof(struct dir_context), 0,
+	       sizeof(priv) - sizeof(struct dir_context));
 
 	if (ocfs2_dir_indexed(inode)) {
 		ret = ocfs2_empty_dir_dx(inode, &priv);