Subject: Re: [PATCH] btrfs: fix a NULL pointer dereference
To: Qu Wenruo, Nikolay Borisov, Kangjie Lu
Cc: pakki001@umn.edu, Chris Mason, Josef Bacik, David Sterba, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org
From: Su Yue
Message-ID: <66e8b376-b254-621c-ab3f-6af9d3182689@gmx.com>
Date: Thu, 14 Mar 2019 18:23:44 +0800
X-Mailing-List: linux-kernel@vger.kernel.org

On 2019/3/14 4:02 PM, Qu Wenruo wrote:
>
>
> On 2019/3/14 3:54 PM, Nikolay Borisov wrote:
>>
>>
>> On 14.03.19 at 9:50, Kangjie Lu wrote:
>>> btrfs_lookup_block_group may fail and return NULL. The fix goes
>>> to out when it fails to avoid NULL pointer dereference.
>>
>> Actually no, in this case btrfs_lookup_block_group must never fail
>> because if we have an allocated eb then it must have been allocated from
>> a bg.
>
> Yep, that's the normal case.
>
> However I'm wondering if it's possible to get a bad eb which is cached.
>
> Then we could hit such a situation.
>
> So I still believe being safe here still makes sense, especially since who
> knows what future fuzzed images will be.

Plus one. Personally, I'd rather like version 1.

Thanks,
Su

>
> Thanks,
> Qu
>
>>
>>>
>>> Signed-off-by: Kangjie Lu
>>> --- >>> fs/btrfs/extent-tree.c | 2 ++ >>> 1 file changed, 2 insertions(+) >>> >>> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c >>> index 994f0cc41799..b1e7985bcb9d 100644 >>> --- a/fs/btrfs/extent-tree.c >>> +++ b/fs/btrfs/extent-tree.c >>> @@ -7303,6 +7303,8 @@ void btrfs_free_tree_block(struct btrfs_trans_handle *trans, >>> >>> pin = 0; >>> cache = btrfs_lookup_block_group(fs_info, buf->start); >>> + if (!cache) >>> + goto out; >>> >>> if (btrfs_header_flag(buf, BTRFS_HEADER_FLAG_WRITTEN)) { >>> pin_down_extent(fs_info, cache, buf->start, >>>
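
Review bot: The added `if (!cache) goto out;` in btrfs_free_tree_block() bails out silently, so a failed btrfs_lookup_block_group() leaves no trace even though, per the discussion, it should only happen with a bad cached eb or a fuzzed image. Consider emitting a warning or error message before the `goto out` so the inconsistency is visible, and state in the commit message what the early exit means for the buffer, since `pin` has just been set to 0 and the pin_down_extent() path is skipped. Please also confirm that nothing after the `out` label dereferences or releases `cache`, which is NULL on this path; the label lies outside the visible context.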