Date: Wed, 25 Mar 2020 08:50:14 -0700
From: Jaegeuk Kim
To: Chao Yu
Cc: linux-f2fs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, chao@kernel.org
Subject: Re: [PATCH v2 3/5] f2fs: fix to avoid NULL pointer dereference
Message-ID: <20200325155014.GB65658@google.com>

Hi Chao,

I don't want to rebase old commit at this moment, so applied on top of the tree.

Thanks,

On 03/25, Chao Yu wrote:
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> PC is at f2fs_free_dic+0x60/0x2c8
> LR is at f2fs_decompress_pages+0x3c4/0x3e8
> f2fs_free_dic+0x60/0x2c8
> f2fs_decompress_pages+0x3c4/0x3e8
> __read_end_io+0x78/0x19c
> f2fs_post_read_work+0x6c/0x94
> process_one_work+0x210/0x48c
> worker_thread+0x2e8/0x44c
> kthread+0x110/0x120
> ret_from_fork+0x10/0x18
>
> In f2fs_free_dic(), we can not use f2fs_put_page(,1) to release dic->tpages[i],
> as the page's mapping is NULL.
>
> Signed-off-by: Chao Yu
> ---
> v2:
> - fix to skip release tpages[i] if it is NULL in error path.
> fs/f2fs/compress.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/fs/f2fs/compress.c b/fs/f2fs/compress.c > index ef7dd04312fe..6e10800729b6 100644 > --- a/fs/f2fs/compress.c > +++ b/fs/f2fs/compress.c > @@ -1137,7 +1137,10 @@ void f2fs_free_dic(struct decompress_io_ctx *dic) > for (i = 0; i < dic->cluster_size; i++) { > if (dic->rpages[i]) > continue; > - f2fs_put_page(dic->tpages[i], 1); > + if (!dic->tpages[i]) > + continue; > + unlock_page(dic->tpages[i]); > + put_page(dic->tpages[i]); > } > kfree(dic->tpages); > } > -- > 2.18.0.rc1
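
Review bot: In the tpages loop of f2fs_free_dic(), the added `unlock_page(dic->tpages[i]);` runs for every non-NULL entry, so it relies on each temporary page still being locked on every path that reaches this function, including the error path the v2 note refers to; a short comment stating that invariant above the call would make the assumption reviewable. The commit message gives only the NULL-mapping reason for dropping `f2fs_put_page(dic->tpages[i], 1);`, while the added `if (!dic->tpages[i])` skip covers a different case, a NULL entry, and that is described only below the `---` line, where it is lost when the patch is applied; consider moving that sentence into the commit message. Since the fix is being applied on top of the tree rather than folded into the earlier commit, a Fixes: tag naming that commit would also help.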