2024-01-05 19:34:35

by Xiaochen Zou

Subject: [PATCH] fs/bfs: Null check to prevent null-ptr-deref bug

Similar to ea2b62f3058 (fs/sysv: Null check to prevent
null-ptr-deref bug), bfs lacks a return value check for
sb_getblk(). Add a null check to prevent a null-ptr-deref bug.

Signed-off-by: Xiaochen Zou <[email protected]>
---
fs/bfs/file.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/fs/bfs/file.c b/fs/bfs/file.c
index adc2230079c6..35688424bde3 100644
--- a/fs/bfs/file.c
+++ b/fs/bfs/file.c
@@ -39,6 +39,8 @@ static int bfs_move_block(unsigned long from, unsigned long to,
if (!bh)
return -EIO;
new = sb_getblk(sb, to);
+ if (unlikely(!new))
+ return -ENOMEM;
memcpy(new->b_data, bh->b_data, bh->b_size);
mark_buffer_dirty(new);
bforget(bh);
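Review bot: the new `return -ENOMEM` leaves `bh` held. The `if (!bh) return -EIO;` check just above shows `bh` is a referenced buffer obtained before `sb_getblk()` is called, so bailing out on a NULL `new` without releasing it leaks that reference on every allocation failure. Drop it before returning, mirroring the `bforget(bh)` the success path does a few lines later: `if (unlikely(!new)) { bforget(bh); return -ENOMEM; }`.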
--
2.25.1



2024-01-06 08:38:24

by Tigran Aivazian

Subject: Re: [PATCH] fs/bfs: Null check to prevent null-ptr-deref bug

Hello,

On Fri, 5 Jan 2024 at 19:33, Xiaochen Zou <[email protected]> wrote:
> Similar to ea2b62f3058 (fs/sysv: Null check to prevent
> null-ptr-deref bug), bfs lacks a return value check for
> sb_getblk(). Add a null check to prevent a null-ptr-deref bug.

> diff --git a/fs/bfs/file.c b/fs/bfs/file.c
> index adc2230079c6..35688424bde3 100644
> --- a/fs/bfs/file.c
> +++ b/fs/bfs/file.c
> @@ -39,6 +39,8 @@ static int bfs_move_block(unsigned long from, unsigned long to,
> if (!bh)
> return -EIO;
> new = sb_getblk(sb, to);
> + if (unlikely(!new))
> + return -ENOMEM;

Thank you, yes, that makes sense. Please apply the patch.

Acknowledged-By: Tigran Aivazian <[email protected]>

2024-01-06 18:54:44

by Christian A. Ehrhardt

Subject: Re: [PATCH] fs/bfs: Null check to prevent null-ptr-deref bug


Hi,

On Sat, Jan 06, 2024 at 08:38:02AM +0000, Tigran Aivazian wrote:
> Hello,
>
> On Fri, 5 Jan 2024 at 19:33, Xiaochen Zou <[email protected]> wrote:
> > Similar to ea2b62f3058 (fs/sysv: Null check to prevent
> > null-ptr-deref bug), bfs lacks a return value check for
> > sb_getblk(). Add a null check to prevent a null-ptr-deref bug.
>
> > diff --git a/fs/bfs/file.c b/fs/bfs/file.c
> > index adc2230079c6..35688424bde3 100644
> > --- a/fs/bfs/file.c
> > +++ b/fs/bfs/file.c
> > @@ -39,6 +39,8 @@ static int bfs_move_block(unsigned long from, unsigned long to,
> > if (!bh)
> > return -EIO;
> > new = sb_getblk(sb, to);
> > + if (unlikely(!new))
> > + return -ENOMEM;
>
> Thank you, yes, that makes sense. Please apply the patch.

What's with the bh in this case? Wouldn't we need a brelse or something?

>
> Acknowledged-By: Tigran Aivazian <[email protected]>
>
>

Regards,
Christian


2024-01-07 15:23:57

by Tigran Aivazian

Subject: Re: [PATCH] fs/bfs: Null check to prevent null-ptr-deref bug

Hi,

On Sat, 6 Jan 2024 at 18:54, Christian A. Ehrhardt <[email protected]> wrote:
> > > if (!bh)
> > > return -EIO;
> > > new = sb_getblk(sb, to);
> > > + if (unlikely(!new))
> > > + return -ENOMEM;
>
> What's with the bh in this case? Wouldn't we need a brelse or something?

Oh sorry, mea culpa et senecta :) Since the data has been read into bh
then I suppose we need bforget(bh) rather than brelse(bh) before
returning -ENOMEM above.

Kind regards,
Tigran
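The leak Christian raised and the bforget(bh) Tigran proposed, as an added example that is not part of the thread or of fs/bfs: a user-space model of bfs_move_block() with reference-counting stand-ins for struct buffer_head and for sb_bread(), sb_getblk(), brelse(), bforget() and mark_buffer_dirty(), plus failure injection on the second sb_getblk() call so the error path actually runs. The stand-in helpers, the block layout, the 0xA5 sample data and the function's tail (brelse(new); return 0;), which the quoted hunk does not show, are all assumptions of this model, not kernel code.

```c
/*
 * User-space model of the bfs_move_block() error path discussed in the
 * thread. Added example, not kernel code: struct buffer_head and the
 * sb_bread()/sb_getblk()/brelse()/bforget()/mark_buffer_dirty() helpers
 * are stand-ins that count references, so the leak can be asserted on.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define BLOCK_SIZE 512
#define NR_BLOCKS  8

struct buffer_head {
	int refcount;                 /* held references; 0 once the caller is done */
	bool dirty;
	size_t b_size;
	unsigned char b_data[BLOCK_SIZE];
};

static struct buffer_head blocks[NR_BLOCKS];   /* the whole "disk" (assumed layout) */
static int getblk_calls;                       /* failure injection: fail the Nth call */
static int fail_on_call;

static struct buffer_head *sb_getblk(void *sb, unsigned long nr)
{
	(void)sb;
	if (++getblk_calls == fail_on_call || nr >= NR_BLOCKS)
		return NULL;                           /* NULL, as under memory pressure */
	blocks[nr].b_size = BLOCK_SIZE;
	blocks[nr].refcount++;
	return &blocks[nr];
}

/* sb_bread(): getblk plus a read that cannot fail in this model. */
static struct buffer_head *sb_bread(void *sb, unsigned long nr)
{
	return sb_getblk(sb, nr);
}

static void brelse(struct buffer_head *bh) { bh->refcount--; }
static void bforget(struct buffer_head *bh) { bh->dirty = false; bh->refcount--; }
static void mark_buffer_dirty(struct buffer_head *bh) { bh->dirty = true; }

/* References still held across all blocks; should be 0 after any return. */
int live_buffers(void)
{
	int n = 0;
	for (int i = 0; i < NR_BLOCKS; i++)
		n += blocks[i].refcount;
	return n;
}

/* The patch as posted: on NULL from sb_getblk() it returns with bh still held. */
int bfs_move_block_as_posted(unsigned long from, unsigned long to, void *sb)
{
	struct buffer_head *bh, *new;

	bh = sb_bread(sb, from);
	if (!bh)
		return -EIO;
	new = sb_getblk(sb, to);
	if (!new)
		return -ENOMEM;                        /* leak: bh was never released */
	memcpy(new->b_data, bh->b_data, bh->b_size);
	mark_buffer_dirty(new);
	bforget(bh);
	brelse(new);                                   /* tail assumed; not in the quoted hunk */
	return 0;
}

/* Same function with the release Tigran suggested on the error path. */
int bfs_move_block_fixed(unsigned long from, unsigned long to, void *sb)
{
	struct buffer_head *bh, *new;

	bh = sb_bread(sb, from);
	if (!bh)
		return -EIO;
	new = sb_getblk(sb, to);
	if (!new) {
		bforget(bh);                           /* mirrors the success path's bforget(bh) */
		return -ENOMEM;
	}
	memcpy(new->b_data, bh->b_data, bh->b_size);
	mark_buffer_dirty(new);
	bforget(bh);
	brelse(new);
	return 0;
}

/* Move block 1 -> 2 on a fresh disk; optionally fail the second getblk (the one for 'to'). */
int run_move(int (*fn)(unsigned long, unsigned long, void *), bool fail_getblk)
{
	memset(blocks, 0, sizeof(blocks));
	memset(blocks[1].b_data, 0xA5, BLOCK_SIZE);    /* constructed source data */
	getblk_calls = 0;
	fail_on_call = fail_getblk ? 2 : 0;
	return fn(1, 2, NULL);
}

/* True when block 2 carries block 1's data and is marked dirty. */
bool copy_landed(void)
{
	return blocks[2].dirty && memcmp(blocks[2].b_data, blocks[1].b_data, BLOCK_SIZE) == 0;
}
```

With failure injected, the patch as posted returns -ENOMEM and leaves one reference live; the version that calls bforget(bh) first returns the same error with nothing held. Counting held references after every return, success and failure alike, is the check worth keeping whenever a function acquires one buffer before it can fail acquiring another.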