diff mbox series

xfs: fix btree scrub checking with regards to root-in-inode

Message ID 20190318164336.GO4929@magnolia (mailing list archive)
State Accepted
Headers show
Series xfs: fix btree scrub checking with regards to root-in-inode | expand

Commit Message

Darrick J. Wong March 18, 2019, 4:43 p.m. UTC 
From: Darrick J. Wong <darrick.wong@oracle.com>

In xchk_btree_check_owner, we can be passed a null buffer pointer.  This
should only happen for the root of a root-in-inode btree type, but we
should program defensively in case the btree cursor state ever gets
screwed up and we get a null buffer anyway.

Coverity-id: 1438713
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 fs/xfs/scrub/btree.c |   11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

Comments

Brian Foster March 19, 2019, 1 p.m. UTC | #1 
On Mon, Mar 18, 2019 at 09:43:36AM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
> 
> In xchk_btree_check_owner, we can be passed a null buffer pointer.  This
> should only happen for the root of a root-in-inode btree type, but we
> should program defensively in case the btree cursor state ever gets
> screwed up and we get a null buffer anyway.
> 
> Coverity-id: 1438713
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> ---

Reviewed-by: Brian Foster <bfoster@redhat.com>

>  fs/xfs/scrub/btree.c |   11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/xfs/scrub/btree.c b/fs/xfs/scrub/btree.c
> index 6271a277eabe..cf4046c9e250 100644
> --- a/fs/xfs/scrub/btree.c
> +++ b/fs/xfs/scrub/btree.c
> @@ -481,8 +481,17 @@ xchk_btree_check_owner(
>  	struct xfs_btree_cur	*cur = bs->cur;
>  	struct check_owner	*co;
>  
> -	if ((cur->bc_flags & XFS_BTREE_ROOT_IN_INODE) && bp == NULL)
> +	/*
> +	 * In theory, xfs_btree_get_block should only give us a null buffer
> +	 * pointer for the root of a root-in-inode btree type, but we need
> +	 * to check defensively here in case the cursor state is also screwed
> +	 * up.
> +	 */
> +	if (bp == NULL) {
> +		if (!(cur->bc_flags & XFS_BTREE_ROOT_IN_INODE))
> +			xchk_btree_set_corrupt(bs->sc, bs->cur, level);
>  		return 0;
> +	}
>  
>  	/*
>  	 * We want to cross-reference each btree block with the bnobt
diff mbox series

Patch

diff --git a/fs/xfs/scrub/btree.c b/fs/xfs/scrub/btree.c
index 6271a277eabe..cf4046c9e250 100644
--- a/fs/xfs/scrub/btree.c
+++ b/fs/xfs/scrub/btree.c
@@ -481,8 +481,17 @@  xchk_btree_check_owner(
 	struct xfs_btree_cur	*cur = bs->cur;
 	struct check_owner	*co;
 
-	if ((cur->bc_flags & XFS_BTREE_ROOT_IN_INODE) && bp == NULL)
+	/*
+	 * In theory, xfs_btree_get_block should only give us a null buffer
+	 * pointer for the root of a root-in-inode btree type, but we need
+	 * to check defensively here in case the cursor state is also screwed
+	 * up.
+	 */
+	if (bp == NULL) {
+		if (!(cur->bc_flags & XFS_BTREE_ROOT_IN_INODE))
+			xchk_btree_set_corrupt(bs->sc, bs->cur, level);
 		return 0;
+	}
 
 	/*
 	 * We want to cross-reference each btree block with the bnobt