From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Xu Wen, Qu Wenruo, Gu Jinxiang, David Sterba, Sasha Levin
Subject: [PATCH 4.18 136/197] btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized
Date: Thu, 13 Sep 2018 15:31:25 +0200
Message-Id: <20180913131846.997463024@linuxfoundation.org>
In-Reply-To: <20180913131841.568116777@linuxfoundation.org>
References: <20180913131841.568116777@linuxfoundation.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.18-stable review patch. If anyone has any objections, please let me know.

------------------
From: Qu Wenruo [ Upstream commit 389305b2aa68723c754f88d9dbd268a400e10664 ] Invalid reloc tree can cause kernel NULL pointer dereference when btrfs does some cleanup of the reloc roots. It turns out that fs_info::reloc_ctl can be NULL in btrfs_recover_relocation() as we allocate relocation control after all reloc roots have been verified. So when we hit: note, we haven't called set_reloc_control() thus fs_info::reloc_ctl is still NULL. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199833 Reported-by: Xu Wen Signed-off-by: Qu Wenruo Tested-by: Gu Jinxiang Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/relocation.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -1321,18 +1321,19 @@ static void __del_reloc_root(struct btrf struct mapping_node *node = NULL; struct reloc_control *rc = fs_info->reloc_ctl; - spin_lock(&rc->reloc_root_tree.lock); - rb_node = tree_search(&rc->reloc_root_tree.rb_root, - root->node->start); - if (rb_node) { - node = rb_entry(rb_node, struct mapping_node, rb_node); - rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root); + if (rc) { + spin_lock(&rc->reloc_root_tree.lock); + rb_node = tree_search(&rc->reloc_root_tree.rb_root, + root->node->start); + if (rb_node) { + node = rb_entry(rb_node, struct mapping_node, rb_node); + rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root); + } + spin_unlock(&rc->reloc_root_tree.lock); + if (!node) + return; + BUG_ON((struct btrfs_root *)node->data != root); } - spin_unlock(&rc->reloc_root_tree.lock); - - if (!node) - return; - BUG_ON((struct btrfs_root *)node->data != root); spin_lock(&fs_info->trans_lock); list_del_init(&root->root_list);
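
Review bot: In __del_reloc_root(), the new `if (rc)` guard carries no comment saying when fs_info->reloc_ctl can legitimately be NULL, and with rc == NULL the function now falls through to `spin_lock(&fs_info->trans_lock); list_del_init(&root->root_list);` with node still NULL. A short comment above the guard (reloc_ctl is not set until set_reloc_control() has run, so cleanup from btrfs_recover_relocation() can reach this function first) would keep the check from being dropped in a later refactor, and whatever follows the visible context has to tolerate node == NULL on that path. The retained `BUG_ON((struct btrfs_root *)node->data != root)` still halts the kernel on a mapping mismatch; since the report concerns an invalid reloc tree, it is worth considering whether that case should be handled as an error instead of a BUG.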