From patchwork Tue Nov 14 07:07:04 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jingbo Xu <jefflexu@linux.alibaba.com>
X-Patchwork-Id: 164742
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b909:0:b0:403:3b70:6f57 with SMTP id t9csp1691349vqg;
        Mon, 13 Nov 2023 23:07:26 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IG5X3dfB4A3avxC95sOqj/SfZn0pfgSp9kkyoszUmCcQEXC4fjltJnITLVpGkb5p1O0Bq+L
X-Received: by 2002:a17:902:d505:b0:1cc:b315:3415 with SMTP id
 b5-20020a170902d50500b001ccb3153415mr1861786plg.61.1699945645989;
        Mon, 13 Nov 2023 23:07:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1699945645; cv=none;
        d=google.com; s=arc-20160816;
        b=XkyUecrYdvdTqVmiLAepKncQNWXq0MRR5qye85vC+cMdf6pJEAWnbQcxreq4I+1p9F
         l5vqL8dyQiIVua84QdzK0RxNCU78RZj8tT5jDgYSC6270DvRdZLwaJODA6bm5m6buvMV
         00CIgRy4Vncgc2O5f1qwfXGwtphUhgqj/cBwpl5+YgO9Q1V1kjsk9eXYrw6JMiDx135L
         nD6JYInMjlbZPbDqQYZ4JlyLQTvMNgVfIi8MGoRnNcGfY66Mg37+0dz5k3giB4zqraIb
         Ud5QCaIqfx9a/dmOUTmr5dZ8xBliZuWqA8swtaFsMSnXMNfeA182+/Tg4MGbWB/zJrTO
         UPWg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=H16dlS7esdbquaryPmpwAxAdBRcG2kXMjXF8R9R91PI=;
        fh=QKljaSilAptFSsHxd/r9Jc96JbNDNkky+xrngcSEEhc=;
        b=LDDFcrg5r3QdHUhCF91RW7cqYsqh3HUk9P/IB9WvF0ZSgzf9eyge2oeDYsZzglSadH
         u/qm6HKE8pSGgRF9SIGQLXgMLu4tSgJb87Bba2ZL0WWKpDAawuvZSxNNWqfx9w3yS3U+
         zbLlQeQuP4DNAZ+EHF61BXOMPgzillEJLFb8y5KrS0c8zxn+i5tvZNmU6ie7VZgp6LPm
         BwOAi1Md81SmpVaLYV2MFnuYOkRHCiJPXO+ZvAD74Aaos4lza01WYbcVlzQws6h3xRxl
         gql+FJBKEKnICHO/g2z5F6IYvTtjxat3H71hjwCpiw7G8AmKbhkZnXFaGxBy0Vvj2Kbf
         C73A==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:2 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2])
        by mx.google.com with ESMTPS id
 bg12-20020a1709028e8c00b001cc50c56980si7343966plb.411.2023.11.13.23.07.25
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 13 Nov 2023 23:07:25 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:2 as permitted sender)
 client-ip=2620:137:e000::3:2;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:2 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by agentk.vger.email (Postfix) with ESMTP id B4E34808D4AA;
	Mon, 13 Nov 2023 23:07:23 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232149AbjKNHHL (ORCPT <rfc822;lhua1029@gmail.com> + 30 others);
        Tue, 14 Nov 2023 02:07:11 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54824 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232099AbjKNHHK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 14 Nov 2023 02:07:10 -0500
Received: from out30-99.freemail.mail.aliyun.com
 (out30-99.freemail.mail.aliyun.com [115.124.30.99])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C22D194
        for <linux-kernel@vger.kernel.org>;
 Mon, 13 Nov 2023 23:07:07 -0800 (PST)
X-Alimail-AntiSpam: 
 AC=PASS;BC=-1|-1;BR=01201311R411e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046050;MF=jefflexu@linux.alibaba.com;NM=1;PH=DS;RN=5;SR=0;TI=SMTPD_---0VwOdhoI_1699945624;
Received: from localhost(mailfrom:jefflexu@linux.alibaba.com
 fp:SMTPD_---0VwOdhoI_1699945624)
          by smtp.aliyun-inc.com;
          Tue, 14 Nov 2023 15:07:05 +0800
From: Jingbo Xu <jefflexu@linux.alibaba.com>
To: xiang@kernel.org, chao@kernel.org, linux-erofs@lists.ozlabs.org
Cc: huyue2@coolpad.com, linux-kernel@vger.kernel.org
Subject: [PATCH] erofs: fix NULL dereference of dif->bdev_handle in fscache
 mode
Date: Tue, 14 Nov 2023 15:07:04 +0800
Message-Id: <20231114070704.23398-1-jefflexu@linux.alibaba.com>
X-Mailer: git-send-email 2.19.1.6.gb485710b
MIME-Version: 1.0
X-Spam-Status: No,
 score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,
	UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
 not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]);
 Mon, 13 Nov 2023 23:07:23 -0800 (PST)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1782522205760461114
X-GMAIL-MSGID: 1782522205760461114

Avoid NULL dereference of dif->bdev_handle, as dif->bdev_handle is NULL
in fscache mode.

 BUG: kernel NULL pointer dereference, address: 0000000000000000
 RIP: 0010:erofs_map_dev+0xbd/0x1c0
 Call Trace:
  <TASK>
  erofs_fscache_data_read_slice+0xa7/0x340
  erofs_fscache_data_read+0x11/0x30
  erofs_fscache_readahead+0xd9/0x100
  read_pages+0x47/0x1f0
  page_cache_ra_order+0x1e5/0x270
  filemap_get_pages+0xf2/0x5f0
  filemap_read+0xb8/0x2e0
  vfs_read+0x18d/0x2b0
  ksys_read+0x53/0xd0
  do_syscall_64+0x42/0xf0
  entry_SYSCALL_64_after_hwframe+0x6e/0x76

Reported-by: Yiqun Leng <yqleng@linux.alibaba.com>
Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=7245
Fixes: 49845720080d ("erofs: Convert to use bdev_open_by_path()")
Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Reviewed-by: Yue Hu <huyue2@coolpad.com>
Reviewed-by: Chao Yu <chao@kernel.org>
---
 fs/erofs/data.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/erofs/data.c b/fs/erofs/data.c
index 029c761670bf..c98aeda8abb2 100644
--- a/fs/erofs/data.c
+++ b/fs/erofs/data.c
@@ -220,7 +220,7 @@ int erofs_map_dev(struct super_block *sb, struct erofs_map_dev *map)
 			up_read(&devs->rwsem);
 			return 0;
 		}
-		map->m_bdev = dif->bdev_handle->bdev;
+		map->m_bdev = dif->bdev_handle ? dif->bdev_handle->bdev : NULL;
 		map->m_daxdev = dif->dax_dev;
 		map->m_dax_part_off = dif->dax_part_off;
 		map->m_fscache = dif->fscache;
@@ -238,7 +238,8 @@ int erofs_map_dev(struct super_block *sb, struct erofs_map_dev *map)
 			if (map->m_pa >= startoff &&
 			    map->m_pa < startoff + length) {
 				map->m_pa -= startoff;
-				map->m_bdev = dif->bdev_handle->bdev;
+				map->m_bdev = dif->bdev_handle ?
+					      dif->bdev_handle->bdev : NULL;
 				map->m_daxdev = dif->dax_dev;
 				map->m_dax_part_off = dif->dax_part_off;
 				map->m_fscache = dif->fscache;