From patchwork Thu May 7 12:18:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11533377 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id ABC241862 for ; Thu, 7 May 2020 12:20:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 936B120CC7 for ; Thu, 7 May 2020 12:20:22 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="tNdWKZzt" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726618AbgEGMUV (ORCPT ); Thu, 7 May 2020 08:20:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57176 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726533AbgEGMUU (ORCPT ); Thu, 7 May 2020 08:20:20 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2CC7C05BD09 for ; Thu, 7 May 2020 05:20:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=WF33vC/bodvUF7NghCXDd3pWmnd1FAA9pxqzAYyGmn4=; b=tNdWKZzttjjGVOyELl8K5B+kzz zpHyZzgjTOg2mv4p/E0V0TIFEUAGIIGSiBdioZfwbnnJ529vt3Cnj39M61aIFppuNM5ZEFvchOFOV O7wSysr6UByp2fmP5PFhB/aJJPLGTq6dvlsqhxiaUpwxiLK7tZtTDe/LLaxdbeACTO3dho5K1NOKv XxZ87nAYQpbElwyckHeF5/X4sckqStPybjl4zRVkEBJ1XOqcCHWGe7Agmc3PvNLpTedwHqUHHNrOD Mi+Wdjnt/goYKgLnjWImXxIQwKYarGpH9LwIY0+EWbMQM0Dt/T4R7p43AFW9ojfTil2elGMXMi+yM rKddFX7A==; Received: from [2001:4bb8:180:9d3f:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jWfVj-0007em-EU; Thu, 07 May 2020 12:20:19 +0000 From: Christoph Hellwig To: sandeen@sandeen.net Cc: linux-xfs@vger.kernel.org, "Darrick J. Wong" , Dave Chinner Subject: [PATCH 35/58] xfs: don't ever return a stale pointer from __xfs_dir3_free_read Date: Thu, 7 May 2020 14:18:28 +0200 Message-Id: <20200507121851.304002-36-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200507121851.304002-1-hch@lst.de> References: <20200507121851.304002-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: linux-xfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org From: "Darrick J. Wong" Source kernel commit: 1cb5deb5bc095c070c09a4540c45f9c9ba24be43 If we decide that a directory free block is corrupt, we must take care not to leak a buffer pointer to the caller. After xfs_trans_brelse returns, the buffer can be freed or reused, which means that we have to set *bpp back to NULL. Callers are supposed to notice the nonzero return value and not use the buffer pointer, but we should code more defensively, even if all current callers handle this situation correctly. Fixes: de14c5f541e7 ("xfs: verify free block header fields") Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Christoph Hellwig --- libxfs/xfs_dir2_node.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libxfs/xfs_dir2_node.c b/libxfs/xfs_dir2_node.c index 56eae67e..48c06da2 100644 --- a/libxfs/xfs_dir2_node.c +++ b/libxfs/xfs_dir2_node.c @@ -225,6 +225,7 @@ __xfs_dir3_free_read( if (fa) { __xfs_buf_mark_corrupt(*bpp, fa); xfs_trans_brelse(tp, *bpp); + *bpp = NULL; return -EFSCORRUPTED; }