Message ID | 20231114070704.23398-1-jefflexu@linux.alibaba.com |
---|---|
State | New |
Series | erofs: fix NULL dereference of dif->bdev_handle in fscache mode |
Commit Message
Jingbo Xu
Nov. 14, 2023, 7:07 a.m. UTC
Avoid NULL dereference of dif->bdev_handle, as dif->bdev_handle is NULL
in fscache mode.
BUG: kernel NULL pointer dereference, address: 0000000000000000
RIP: 0010:erofs_map_dev+0xbd/0x1c0
Call Trace:
<TASK>
erofs_fscache_data_read_slice+0xa7/0x340
erofs_fscache_data_read+0x11/0x30
erofs_fscache_readahead+0xd9/0x100
read_pages+0x47/0x1f0
page_cache_ra_order+0x1e5/0x270
filemap_get_pages+0xf2/0x5f0
filemap_read+0xb8/0x2e0
vfs_read+0x18d/0x2b0
ksys_read+0x53/0xd0
do_syscall_64+0x42/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
Reported-by: Yiqun Leng <yqleng@linux.alibaba.com>
Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=7245
Fixes: 49845720080d ("erofs: Convert to use bdev_open_by_path()")
Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>
---
fs/erofs/data.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
Comments
On 2023/11/14 15:07, Jingbo Xu wrote:
> Avoid NULL dereference of dif->bdev_handle, as dif->bdev_handle is NULL
> in fscache mode.
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> RIP: 0010:erofs_map_dev+0xbd/0x1c0
> Call Trace:
> <TASK>
> erofs_fscache_data_read_slice+0xa7/0x340
> erofs_fscache_data_read+0x11/0x30
> erofs_fscache_readahead+0xd9/0x100
> read_pages+0x47/0x1f0
> page_cache_ra_order+0x1e5/0x270
> filemap_get_pages+0xf2/0x5f0
> filemap_read+0xb8/0x2e0
> vfs_read+0x18d/0x2b0
> ksys_read+0x53/0xd0
> do_syscall_64+0x42/0xf0
> entry_SYSCALL_64_after_hwframe+0x6e/0x76
>
> Reported-by: Yiqun Leng <yqleng@linux.alibaba.com>
> Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=7245
> Fixes: 49845720080d ("erofs: Convert to use bdev_open_by_path()")
> Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>

Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Thanks,
Gao Xiang
On Tue, 14 Nov 2023 15:07:04 +0800 Jingbo Xu <jefflexu@linux.alibaba.com> wrote:
> Avoid NULL dereference of dif->bdev_handle, as dif->bdev_handle is NULL
> in fscache mode.
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> RIP: 0010:erofs_map_dev+0xbd/0x1c0
> Call Trace:
> <TASK>
> erofs_fscache_data_read_slice+0xa7/0x340
> erofs_fscache_data_read+0x11/0x30
> erofs_fscache_readahead+0xd9/0x100
> read_pages+0x47/0x1f0
> page_cache_ra_order+0x1e5/0x270
> filemap_get_pages+0xf2/0x5f0
> filemap_read+0xb8/0x2e0
> vfs_read+0x18d/0x2b0
> ksys_read+0x53/0xd0
> do_syscall_64+0x42/0xf0
> entry_SYSCALL_64_after_hwframe+0x6e/0x76
>
> Reported-by: Yiqun Leng <yqleng@linux.alibaba.com>
> Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=7245
> Fixes: 49845720080d ("erofs: Convert to use bdev_open_by_path()")
> Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>

Reviewed-by: Yue Hu <huyue2@coolpad.com>
On 2023/11/14 15:07, Jingbo Xu wrote:
> Avoid NULL dereference of dif->bdev_handle, as dif->bdev_handle is NULL
> in fscache mode.
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> RIP: 0010:erofs_map_dev+0xbd/0x1c0
> Call Trace:
> <TASK>
> erofs_fscache_data_read_slice+0xa7/0x340
> erofs_fscache_data_read+0x11/0x30
> erofs_fscache_readahead+0xd9/0x100
> read_pages+0x47/0x1f0
> page_cache_ra_order+0x1e5/0x270
> filemap_get_pages+0xf2/0x5f0
> filemap_read+0xb8/0x2e0
> vfs_read+0x18d/0x2b0
> ksys_read+0x53/0xd0
> do_syscall_64+0x42/0xf0
> entry_SYSCALL_64_after_hwframe+0x6e/0x76
>
> Reported-by: Yiqun Leng <yqleng@linux.alibaba.com>
> Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=7245
> Fixes: 49845720080d ("erofs: Convert to use bdev_open_by_path()")
> Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>

Reviewed-by: Chao Yu <chao@kernel.org>

Thanks,
diff --git a/fs/erofs/data.c b/fs/erofs/data.c index 029c761670bf..c98aeda8abb2 100644 --- a/fs/erofs/data.c +++ b/fs/erofs/data.c @@ -220,7 +220,7 @@ int erofs_map_dev(struct super_block *sb, struct erofs_map_dev *map) up_read(&devs->rwsem); return 0; } - map->m_bdev = dif->bdev_handle->bdev; + map->m_bdev = dif->bdev_handle ? dif->bdev_handle->bdev : NULL; map->m_daxdev = dif->dax_dev; map->m_dax_part_off = dif->dax_part_off; map->m_fscache = dif->fscache; @@ -238,7 +238,8 @@ int erofs_map_dev(struct super_block *sb, struct erofs_map_dev *map) if (map->m_pa >= startoff && map->m_pa < startoff + length) { map->m_pa -= startoff; - map->m_bdev = dif->bdev_handle->bdev; + map->m_bdev = dif->bdev_handle ? + dif->bdev_handle->bdev : NULL; map->m_daxdev = dif->dax_dev; map->m_dax_part_off = dif->dax_part_off; map->m_fscache = dif->fscache;
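Review bot: in the first hunk (@@ -220) map->m_bdev can now be left NULL, but nothing at the assignment says why. The commit message explains that dif->bdev_handle is NULL in fscache mode; a one-line comment to that effect above "map->m_bdev = dif->bdev_handle ? dif->bdev_handle->bdev : NULL;" would tell readers of erofs_map_dev() that a NULL m_bdev is expected whenever map->m_fscache is the backing source. The users of map->m_bdev are not visible in this diff, so it is also worth confirming that none of them dereference it unconditionally once it can be NULL.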
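Review bot: the second hunk (@@ -238) open-codes the same ternary as the first hunk, here wrapped over two lines to fit the indentation. Two copies of the check can drift apart on the next change to this field; consider a small static inline helper that takes dif and returns dif->bdev_handle ? dif->bdev_handle->bdev : NULL, and call it at both assignment sites in erofs_map_dev(). That also removes the awkward line break inside the conditional expression.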