Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3324994imu;
        Wed, 7 Nov 2018 08:35:05 -0800 (PST)
X-Google-Smtp-Source: AJdET5fFMabHetwTXJ+cFAeEJX/2qb1OUWlQOLnKb0TJPvfu4BIIlLSoMtIRl1mEKRrOxmO4fNuz
X-Received: by 2002:a17:902:bccc:: with SMTP id o12-v6mr905893pls.281.1541608505215;
        Wed, 07 Nov 2018 08:35:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1541608505; cv=none;
        d=google.com; s=arc-20160816;
        b=iog8qB9PQTckv9x9wMm6HFBaaefzvIuJ7415TOzlzULUYVygOTZz0ysEe4eXlxozI7
         II50e1RGt7Pem7bFhfkZ4zEOBdYs5nrxL2cEbnCBWCFsbr2tek0l07Ye+yrL3cEklEF4
         TbXOBraASeMiTdczrkHFfBSqNGQFQHEb4a2gcFE57FNg5bgUSkG3EJ+5/94aBAIuk2nM
         E4yKvRiWnqsnwLIaTphCMNRnctYEZxl+sNLmOZH9fShtoUiUSzMPJjlwjQuw1ZVDAJrF
         TzzjP6roE1awSFH//i4yyGrdsQrHAy9LrwqjI1irClxMFaUQ8K2bsmaBtrdCP3PEQA31
         YMPA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:mail-followup-to
         :message-id:subject:cc:to:from:date:dkim-signature;
        bh=UaXXjSeX5KEIi27cXQdt86WNOwPjgRtNmZk+P+yUNeQ=;
        b=qG8+k3Ux/mWOW3vKVgK/sFLAGRPL6/pIz29KAgh1xSa0MH7jTuI3tSprHzZ64t8hAa
         4ijMYHfvmqu5unXCaKt0XwtQI0Uxun5v3gGmmujySo+oZYM5e1s5pcmitYaX99WXdg+V
         wAAnaZassRq1HlGt0ZLn82ZTJitqusj9tTHOyLylkm9YfUAhTIavk6Q8H1QfMduUuHPE
         oSQXonCb/L/MfnPfdTJA8jRzMJsR8Ekb9QRsWw+eHkb91SuBRMykG2e/NIeVW2fB5Aoo
         spIumEA6lzuSc1tau8O/772BwALNY6WyNsCf0bKahBWYq1CuekQ1dtTxYDdIWbExa7Jt
         TN8Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=CK69W+RY;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t124-v6si996085pfc.262.2018.11.07.08.34.49;
        Wed, 07 Nov 2018 08:35:05 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=CK69W+RY;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728018AbeKHCEz (ORCPT <rfc822;noahbdev@gmail.com> + 99 others);
        Wed, 7 Nov 2018 21:04:55 -0500
Received: from imap.thunk.org ([74.207.234.97]:49530 "EHLO imap.thunk.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726752AbeKHCEy (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 7 Nov 2018 21:04:54 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org;
         s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:
        Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:
        Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
        :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
        List-Post:List-Owner:List-Archive;
        bh=UaXXjSeX5KEIi27cXQdt86WNOwPjgRtNmZk+P+yUNeQ=; b=CK69W+RYUSutJJSptevpZ+yG5m
        2BB20a4P9ms2MzGhO2aJWCz/v2w7juLILU+L8/6IMXcvxUJnSZ4O+2Wyc9w8H7q/KpP4Kz115YAgg
        Xlw8CdT9WDpuodDGhzvEnrZgaTkimh14o8z8bsMByYC8bqkCJBFh+zKYzjgiH8V8Y2wE=;
Received: from root (helo=callcc.thunk.org)
        by imap.thunk.org with local-esmtp (Exim 4.89)
        (envelope-from <tytso@thunk.org>)
        id 1gKQm3-0000dj-Of; Wed, 07 Nov 2018 16:33:47 +0000
Received: by callcc.thunk.org (Postfix, from userid 15806)
        id F023D7A7D18; Wed,  7 Nov 2018 11:33:46 -0500 (EST)
Date:   Wed, 7 Nov 2018 11:33:46 -0500
From:   "Theodore Y. Ts'o" <tytso@mit.edu>
To:     Vasily Averin <vvs@virtuozzo.com>
Cc:     linux-ext4@vger.kernel.org,
        Andreas Dilger <adilger.kernel@dilger.ca>,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ext4: missing !bh check in ext4_xattr_inode_write()
Message-ID: <20181107163346.GH9919@thunk.org>
Mail-Followup-To: "Theodore Y. Ts'o" <tytso@mit.edu>,
        Vasily Averin <vvs@virtuozzo.com>, linux-ext4@vger.kernel.org,
        Andreas Dilger <adilger.kernel@dilger.ca>,
        linux-kernel@vger.kernel.org
References: <710ddac8-eb88-e631-3b27-74410039d15f@virtuozzo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <710ddac8-eb88-e631-3b27-74410039d15f@virtuozzo.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Nov 04, 2018 at 08:29:39PM +0300, Vasily Averin wrote:
> ext4_getblk() called with map_flags=0 can return NULL,
> it can lead to oops on bh dereferemce
> 
> Fixes e50e5129f384 ("ext4: xattr-in-inode support")
> Cc: stable@kernel.org # 4.13
> 
> Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
> ---
>  fs/ext4/xattr.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
> index 0b9688683526..6dc6c70828f0 100644
> --- a/fs/ext4/xattr.c
> +++ b/fs/ext4/xattr.c
> @@ -1384,6 +1384,8 @@ static int ext4_xattr_inode_write(handle_t *handle, struct inode *ea_inode,
>  		bh = ext4_getblk(handle, ea_inode, block, 0);
>  		if (IS_ERR(bh))
>  			return PTR_ERR(bh);
> +		if (!bh)
> +			return -ENOMEM;

ext4_getblk() should never return NULL here; and if it does, it won't
be because of ENOMEM.  If we did have a memory allocation problem, we
would have returned ERR_PTR(-ENOMEM). 

In the while loop above this point, the blocks in ea_inode would have
been allocated, and so when ext4_getblk() is called with map_flags ==
0, it will return NULL if there is a hole in the inode --- but we had
*just* allocated the blocks in question.

The only time that bh could be NULL, then, would be in the case of
something really going wrong; a programming error elsewhere (perhaps a
wild pointer dereference) or I/O error causing on-disk file system
corruption (although that would be highly unlikely given that we had
*just* allocated the blocks and so the metadata blocks in question
probably would still be in the cache).

If we do want to handle this case, what we should do is something like
call WARN_ON_ONCE(1), call ext4_error() since the file system may have
gotten corrupted, and then return -EFSCORRUPTED.

(Linus has said that there should be no new BUG_ON's, so the
WARN_ON_ONE is to help debugging, and flaging the file system as
corrupted is probably the best we could do here, and is marginally
better than what we do now, which is just let the Oops take place.)

						- Ted