Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp5980668ybc; Wed, 27 Nov 2019 12:49:53 -0800 (PST) X-Google-Smtp-Source: APXvYqwqfXaNNX60FSzlyp+Pv5kbHs9qAtNVxqcgkjg576CAbP2is0Alx2SnXrK8YRzIj3PuxQvY X-Received: by 2002:a50:cc07:: with SMTP id m7mr34825042edi.146.1574887793496; Wed, 27 Nov 2019 12:49:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574887793; cv=none; d=google.com; s=arc-20160816; b=Kps2yqiRXpREEtHgEzyu8/SzHYs05Q73uK4lQcYf+E7MeGGvWc/XUYQOmx5KOw13yB 7t3QTD0PsHc5ZYUEWNVaJTQUYjkqfkPzoqbJha8aDBuaQyfMvxr2MBMzEkxkqTYdBY7F GrBZNsvTLZpW70KT6Fh29kwq4Um17BeOpa1OuHw6VI1CmDVVNYvJdv/KFqxVEo14J9tV Wf5CepclKUvM/sKHZLXdn9BLUyQ72cjX1C+seR2QXn5ypRsWvJ0YREBE/1I//XBv8OLu 5KBjsQHTbeD1NRHaCMzbbRyzErIxpBd9HHWIzjisz4FyqCBI2GtUt++TQrNg8278eFtm oG4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=W1U8IaqzpCBI615Nz0yhfdMx34O7dim8riAqSNO6dXU=; b=sJ3IguWrJ/bGJLBP6J+2vtFbYX+Z7T52n8JdflB0vbM4QrobMwmsjxcbixye5PohRk iFdt1L/1A+k5wcEqBoeplnVXVcJSRVVZE7S0zKWDQE/poFm5UOQxMgfmygdWPx5wCv1E KFo0SNhmmaJYc0e82Hrd5Y+7Glh+04aWkNsz/36LR/JEELiMxQeKyUs+08f7EEgjoyaT ifAi4oUUnSUX0m2cORV7kTxXSRTPuZWzxRHqjlqSuAzYTpsU8gydxn1TR8uA+1m5qaCI XRgzDy9hdaydzc/S1Z4/Km82h9M5wECS7g4X6mNpfngmcx8YTBCRunXPr4hH+pCW1uL0 Xc1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=swM85izS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k23si10309926ejd.176.2019.11.27.12.49.29; Wed, 27 Nov 2019 12:49:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=swM85izS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729988AbfK0UrS (ORCPT + 99 others); Wed, 27 Nov 2019 15:47:18 -0500 Received: from mail.kernel.org ([198.145.29.99]:59854 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729972AbfK0UrN (ORCPT ); Wed, 27 Nov 2019 15:47:13 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2DC6421826; Wed, 27 Nov 2019 20:47:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574887632; bh=phxjke+MdZknIuPKAZ3hQGzWF9cgS8GpyWlJh7zQ7/8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=swM85izSSqYQckxcIFpcF+CHwGkHTH98zDTNa2J8z7JMgPPoUYN8PrGnzzGqjhUHJ zA3CJ5vXA1qCW6ps7HawTtylXye2I4JkxItEmwscZyihwXpDDFyRxQYilfpx2zfgmP NGqmPT0KtMGaXonzBN2Dj3Apo6o7xr7BcG237F3E= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Nikolay Borisov , Lu Fengqi , David Sterba , Sasha Levin Subject: [PATCH 4.14 033/211] btrfs: handle error of get_old_root Date: Wed, 27 Nov 2019 21:29:26 +0100 Message-Id: <20191127203054.972119527@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191127203049.431810767@linuxfoundation.org> References: <20191127203049.431810767@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Nikolay Borisov [ Upstream commit 315bed43fea532650933e7bba316a7601d439edf ] In btrfs_search_old_slot get_old_root is always used with the assumption it cannot fail. However, this is not true in rare circumstance it can fail and return null. This will lead to null point dereference when the header is read. Fix this by checking the return value and properly handling NULL by setting ret to -EIO and returning gracefully. Coverity-id: 1087503 Signed-off-by: Nikolay Borisov Reviewed-by: Lu Fengqi Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Sasha Levin --- fs/btrfs/ctree.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 27983fd657abd..d2263caff3070 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -2988,6 +2988,10 @@ int btrfs_search_old_slot(struct btrfs_root *root, const struct btrfs_key *key, again: b = get_old_root(root, time_seq); + if (!b) { + ret = -EIO; + goto done; + } level = btrfs_header_level(b); p->locks[level] = BTRFS_READ_LOCK; -- 2.20.1