Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp719991imm; Thu, 13 Sep 2018 06:48:17 -0700 (PDT) X-Google-Smtp-Source: ANB0VdasUHtecmGOs5Nr+a95T4IS4UsxMC9rkh/kDApaeN/TMu3UxeePaz5Gh8GKOSSbOVwHdhAj X-Received: by 2002:a62:23c2:: with SMTP id q63-v6mr7604767pfj.116.1536846496978; Thu, 13 Sep 2018 06:48:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536846496; cv=none; d=google.com; s=arc-20160816; b=C24E2m/NfsisFBUQfEzpSZ5wNhK3YSYO6tFwujMkuIsh3DNFl7JjTKFCeLOQTk5h/+ QFXb7yB+Ie2DuEzuMSbVjSR1uBOxA7EwbMWjb7P0O+spY4ufZO2zpUyYAhhXXgQnOaXp ukors5B9ITiKnIPt3CZRqfDxiDCP56eKWZmLvnhbSv/Dd334notcMR5io8yCNGwZw+4t 910iSVGMXZBDkaXTi7/biFP3aoC2PdQ2nglBWQqiMVPAgj8mwFQRAAgKx7pDGGVmZsOs rH0qm2LYI1H10bvSzXPwQgWW4kjOKJm35T6hgxM3hKzvOequt8QqHLqeJD8hbEslqMJd QY0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=ycgPgjUCmMkCORmicASwC9zblWI/eLZUZ+brDSjGmR8=; b=ZpnYPWRN8zA6ZADGW+ONf6pq24zDilGMZ6T5aXuRy0iscoEqhb0h1fbXk/nmTl4eQi ZjzaybKybSwd5CE8y9bhsTNTgMk137a/kbtaugxxjQIrv/meYDkk8oP8OCww6F0vhix0 IFEawiiu6uUthf505R77xZxidalWPVbVBfd3aCFp0zsw1w9mz2AT7mVKDMYU5i2+VbUP Qfc39G/qZFMczw8IM1uMaD4LnDw1/Mi9zwT/iibtflV/1olWULWcnqu0XmdxDZUQ7Bta q622a8+g4a2TU+HfMoWMXHHvN0ngErBz/0nFiOJm2opy1UNq04XoD9QRMEBLVrIfZfdi mCug== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x4-v6si3851892plo.459.2018.09.13.06.48.02; Thu, 13 Sep 2018 06:48:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730338AbeIMS4R (ORCPT + 99 others); Thu, 13 Sep 2018 14:56:17 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:60920 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728441AbeIMS4Q (ORCPT ); Thu, 13 Sep 2018 14:56:16 -0400 Received: from localhost (ip-213-127-77-73.ip.prioritytelecom.net [213.127.77.73]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 9791DD19; Thu, 13 Sep 2018 13:46:42 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xu Wen , Qu Wenruo , Gu Jinxiang , David Sterba , Sasha Levin Subject: [PATCH 4.14 082/115] btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Date: Thu, 13 Sep 2018 15:31:42 +0200 Message-Id: <20180913131828.612303033@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180913131823.327472833@linuxfoundation.org> References: <20180913131823.327472833@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Qu Wenruo [ Upstream commit 389305b2aa68723c754f88d9dbd268a400e10664 ] Invalid reloc tree can cause kernel NULL pointer dereference when btrfs does some cleanup of the reloc roots. It turns out that fs_info::reloc_ctl can be NULL in btrfs_recover_relocation() as we allocate relocation control after all reloc roots have been verified. So when we hit: note, we haven't called set_reloc_control() thus fs_info::reloc_ctl is still NULL. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199833 Reported-by: Xu Wen Signed-off-by: Qu Wenruo Tested-by: Gu Jinxiang Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/relocation.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -1334,18 +1334,19 @@ static void __del_reloc_root(struct btrf struct mapping_node *node = NULL; struct reloc_control *rc = fs_info->reloc_ctl; - spin_lock(&rc->reloc_root_tree.lock); - rb_node = tree_search(&rc->reloc_root_tree.rb_root, - root->node->start); - if (rb_node) { - node = rb_entry(rb_node, struct mapping_node, rb_node); - rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root); + if (rc) { + spin_lock(&rc->reloc_root_tree.lock); + rb_node = tree_search(&rc->reloc_root_tree.rb_root, + root->node->start); + if (rb_node) { + node = rb_entry(rb_node, struct mapping_node, rb_node); + rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root); + } + spin_unlock(&rc->reloc_root_tree.lock); + if (!node) + return; + BUG_ON((struct btrfs_root *)node->data != root); } - spin_unlock(&rc->reloc_root_tree.lock); - - if (!node) - return; - BUG_ON((struct btrfs_root *)node->data != root); spin_lock(&fs_info->trans_lock); list_del_init(&root->root_list);