Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp5976625ybc; Wed, 27 Nov 2019 12:44:50 -0800 (PST) X-Google-Smtp-Source: APXvYqw/jX0iLeJteY3XxhAftNWE+NaLs+d/q8lcKqK5dfnHo2bJbWnHHNACmsgAmxnHVhUp2hMS X-Received: by 2002:a05:6402:142c:: with SMTP id c12mr34200829edx.96.1574887490858; Wed, 27 Nov 2019 12:44:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574887490; cv=none; d=google.com; s=arc-20160816; b=aU/1GFrMJUqTnEjuhmPfmW2OBdg3rriQFe/GR85prBDBbv8EwOxQcN+TXuJWMvFJne Z79Ap26ogXuRhE0m8Uu/q9lZulqxISu7jb3cj51KqgP701ZWSH2xdNiyEHizRP/b73Px wJFnO9q1d3cjmiM+MD4+5tTprR6Ksek9QkXnxPCY3DzCW/2pCXJiI+GQRbBX+27V1lOK eUDWbJTIjz8yZu/hyB0W29qcYxUZvDb4deReRJAcESU5eIgc1CGUEEfTq2Grc6SCztoX ScsGDs+XlwzeszPjeeQQetw2FTZXQg2j5njji9WckNPsYgXyAzX9+d5MyZ+x03u9Vxsu LGJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=U2qwnQh/vMT8ng7b6mcBm/DSlew3R7KlQDZdk7esmSE=; b=dg/qJoaDqnlaNIzoS2DFqTtEPDo02KRlTqNKVcYxqHVbGhmLxa2ABN7Au17kVMghQe tVwwZRbvf3gaUsL5w35dF5B3rT5OASqDg6BDReebsjLlNRwO+izAaaCM9fdn4S6Z5deK zW7HWfewCdA5ys/qg8ysWDuyea/xXALBZJu103JL5oKfYcytzS/46MEP2j2oBJ0R5yNz upEHY6iEFcsnpdhyXnp8mWLFaswjyAwRQ0k5328frleybWxx3xGuh265dZSUl8nhbo11 zBbdXlg2XvGzhaszcipPkVONJVpcCNDDO6RvpC0zdjieGj3QhRsEYroy9J+9OahhyYf5 wVKw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=TwSFxHDa; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c16si10241598ejb.343.2019.11.27.12.44.26; Wed, 27 Nov 2019 12:44:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=TwSFxHDa; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729282AbfK0UmD (ORCPT + 99 others); Wed, 27 Nov 2019 15:42:03 -0500 Received: from mail.kernel.org ([198.145.29.99]:47824 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729275AbfK0UmC (ORCPT ); Wed, 27 Nov 2019 15:42:02 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C091521741; Wed, 27 Nov 2019 20:42:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574887321; bh=rQC+cGTzMCq1vXMp7OOlM5NKkFtnVplMXAgO3cNKb4g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TwSFxHDaT91EapIk1uxL3E7zvy6xen+rwpB6xn8yrX1DopsPk5Ns3rhnps6gapwwA ZdvjCqA/ucyCHASFRWITCp8uOv+3HT9PJZxGj3yo7DE/aFoi4RednEp5QroLwloBP+ svMSxt91PMzOs04+gaHzz/ZijXCXHF56B6WP66DA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Nikolay Borisov , Lu Fengqi , David Sterba , Sasha Levin Subject: [PATCH 4.9 023/151] btrfs: handle error of get_old_root Date: Wed, 27 Nov 2019 21:30:06 +0100 Message-Id: <20191127203014.886551356@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191127203000.773542911@linuxfoundation.org> References: <20191127203000.773542911@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Nikolay Borisov [ Upstream commit 315bed43fea532650933e7bba316a7601d439edf ] In btrfs_search_old_slot get_old_root is always used with the assumption it cannot fail. However, this is not true in rare circumstance it can fail and return null. This will lead to null point dereference when the header is read. Fix this by checking the return value and properly handling NULL by setting ret to -EIO and returning gracefully. Coverity-id: 1087503 Signed-off-by: Nikolay Borisov Reviewed-by: Lu Fengqi Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Sasha Levin --- fs/btrfs/ctree.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 3df434eb14743..3faccbf35e9f4 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -2973,6 +2973,10 @@ int btrfs_search_old_slot(struct btrfs_root *root, struct btrfs_key *key, again: b = get_old_root(root, time_seq); + if (!b) { + ret = -EIO; + goto done; + } level = btrfs_header_level(b); p->locks[level] = BTRFS_READ_LOCK; -- 2.20.1