| From hch@lst.de Mon Sep 18 10:08:45 2017 |
| From: Christoph Hellwig <hch@lst.de> |
| Date: Sun, 17 Sep 2017 14:06:38 -0700 |
| Subject: xfs: check _alloc_read_agf buffer pointer before using |
| To: stable@vger.kernel.org |
| Cc: linux-xfs@vger.kernel.org, "Darrick J. Wong" <darrick.wong@oracle.com> |
| Message-ID: <20170917210712.10804-14-hch@lst.de> |
| |
| |
| From: "Darrick J. Wong" <darrick.wong@oracle.com> |
| |
| commit 10479e2dea83d4c421ad05dfc55d918aa8dfc0cd upstream. |
| |
| In some circumstances, _alloc_read_agf can return an error code of zero |
| but also a null AGF buffer pointer. Check for this and jump out. |
| |
| Fixes-coverity-id: 1415250 |
| Fixes-coverity-id: 1415320 |
| Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> |
| Reviewed-by: Brian Foster <bfoster@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| fs/xfs/libxfs/xfs_refcount.c | 4 ++++ |
| fs/xfs/xfs_reflink.c | 2 ++ |
| 2 files changed, 6 insertions(+) |
| |
| --- a/fs/xfs/libxfs/xfs_refcount.c |
| +++ b/fs/xfs/libxfs/xfs_refcount.c |
| @@ -1640,6 +1640,10 @@ xfs_refcount_recover_cow_leftovers( |
| error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp); |
| if (error) |
| goto out_trans; |
| + if (!agbp) { |
| + error = -ENOMEM; |
| + goto out_trans; |
| + } |
| cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL); |
| |
| /* Find all the leftover CoW staging extents. */ |
| --- a/fs/xfs/xfs_reflink.c |
| +++ b/fs/xfs/xfs_reflink.c |
| @@ -169,6 +169,8 @@ xfs_reflink_find_shared( |
| error = xfs_alloc_read_agf(mp, NULL, agno, 0, &agbp); |
| if (error) |
| return error; |
| + if (!agbp) |
| + return -ENOMEM; |
| |
| cur = xfs_refcountbt_init_cursor(mp, NULL, agbp, agno, NULL); |
| |
