Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp1144411pxf;
        Fri, 2 Apr 2021 02:24:30 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy+VddYYtggtT2KmLsi1tzNj5w1MReTCv13H1m2hVX3FFDfXLeFKx/+pxcaLoYEpedlboDX
X-Received: by 2002:a05:6638:1a6:: with SMTP id b6mr11948285jaq.116.1617355470497;
        Fri, 02 Apr 2021 02:24:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617355470; cv=none;
        d=google.com; s=arc-20160816;
        b=rmd1tPHrqMp3ZC+QclC2KcXkLSiQvT6r3Cf9ieRi27/8gKFVLSMSvNNKlRhieYflp3
         b/Cvywv+Fw7JMeyJwjC0tm+ylq4XLAxl2Cu3FsV0qWw0pY6kTYxZCx1pQ36iVYS6m6+b
         rbCqkADuHT2OOJ+r/vuBSQhgXomsgcqIRn0+/tYp1AXuQBlsrDDafjoqT/xhgirD3MiM
         Lc09ma6OjrFsGa6jBt8AuNHTJRh4fF1E37I9E5GRG25wuav2pWf3DxrfA/DH+hyYO6CY
         0YTew6fjDgRbehRv8o4TQlWE7xsKpD1MKGAEMBRFkhrEuwhBRuihdQ95i/fU3NqgqiIn
         nBbg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=22elreEL9N2PKC0SckUm8FllUlO9fcnn8GcNUIy7VAI=;
        b=o7GCOMPYNiF7MNClam/KMf2tbjvt91X0FhuiQRRwlbYCGXj2JqrHntqKMfnodH0vUJ
         R9zooQDBc7m1bVnUYAJRlJSIPOPHQv/tW/ex4QkLi04JHVa5Cr/c33+T/CuEQfKfOls7
         7Ghpw/zh9BQL6+acuuz2gIcp69ArFSNHGW79AZgXatI8DQRvge17Nnlx/JjDNc1pmwgO
         XmP3hN5IlIJtcKsTYBcLGHLzWUHGMguTlpmWVzz89dX86ItkXIS156gc9dFLhvZiPvNB
         Cm7VVCBaX0YBYRLauz5q0hSijJJ6XYPoV/Z7AseMn9iWym8TJqAtnhMXa9H6GukVAR6g
         Pz2Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id b13si7660473jat.120.2021.04.02.02.24.15;
        Fri, 02 Apr 2021 02:24:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234029AbhDBJWt (ORCPT <rfc822;mahongyuan1997@gmail.com>
        + 99 others); Fri, 2 Apr 2021 05:22:49 -0400
Received: from szxga05-in.huawei.com ([45.249.212.191]:15532 "EHLO
        szxga05-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229599AbhDBJWs (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 2 Apr 2021 05:22:48 -0400
Received: from DGGEMS412-HUB.china.huawei.com (unknown [172.30.72.59])
        by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4FBZJh5mfnzNsL8;
        Fri,  2 Apr 2021 17:20:04 +0800 (CST)
Received: from szvp000203569.huawei.com (10.120.216.130) by
 DGGEMS412-HUB.china.huawei.com (10.3.19.212) with Microsoft SMTP Server id
 14.3.498.0; Fri, 2 Apr 2021 17:22:39 +0800
From:   Chao Yu <yuchao0@huawei.com>
To:     <jaegeuk@kernel.org>
CC:     <linux-f2fs-devel@lists.sourceforge.net>,
        <linux-kernel@vger.kernel.org>, <chao@kernel.org>,
        Chao Yu <yuchao0@huawei.com>
Subject: [PATCH v2] f2fs: fix to avoid accessing invalid fio in f2fs_allocate_data_block()
Date:   Fri, 2 Apr 2021 17:22:23 +0800
Message-ID: <20210402092223.115515-1-yuchao0@huawei.com>
X-Mailer: git-send-email 2.29.2
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.120.216.130]
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Callers may pass fio parameter with NULL value to f2fs_allocate_data_block(),
so we should make sure accessing fio's field after fio's validation check.

Fixes: f608c38c59c6 ("f2fs: clean up parameter of f2fs_allocate_data_block()")
Signed-off-by: Chao Yu <yuchao0@huawei.com>
---
v2:
- relocate fio->retry assignment to avoid race condition.
 fs/f2fs/segment.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index c517e689a9a3..44897cfecb1e 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -3417,12 +3417,12 @@ void f2fs_allocate_data_block(struct f2fs_sb_info *sbi, struct page *page,
 		f2fs_inode_chksum_set(sbi, page);
 	}
 
-	if (F2FS_IO_ALIGNED(sbi))
-		fio->retry = false;
-
 	if (fio) {
 		struct f2fs_bio_info *io;
 
+		if (F2FS_IO_ALIGNED(sbi))
+			fio->retry = false;
+
 		INIT_LIST_HEAD(&fio->list);
 		fio->in_list = true;
 		io = sbi->write_io[fio->type] + fio->temp;
-- 
2.29.2