From patchwork Wed Sep 13 16:44:08 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
X-Patchwork-Id: 139137
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:612c:a8d:b0:3f2:4152:657d with SMTP id gr13csp133901vqb;
        Wed, 13 Sep 2023 15:56:22 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IE7xEvY3BqUc0ud0xwTF/QKhuBIIQI09gBlOjERnD/laUSM1QqWI3I7r3VxT6QTx0pXTwCb
X-Received: by 2002:a05:6a21:7988:b0:157:609f:6057 with SMTP id
 bh8-20020a056a21798800b00157609f6057mr3187449pzc.27.1694645782473;
        Wed, 13 Sep 2023 15:56:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1694645782; cv=none;
        d=google.com; s=arc-20160816;
        b=ovaZWdS/VKkh9laoY1qVf0hvZqMaZ9tnm2vuak0M8eVibOQZDon0d52X94AFJdisOl
         KTUcVVpa+MQyGFz9wyHDEH7pkz9x/6SB1KY4BwJj7haLqpD9tsTjgt0x0qxTZl5lqOnf
         MbhCbkFS0q8x/wnh9bK67v4zrpwgu0QLEM/4P4cM3qjdUBWKpdi2lOCGaKMoc2gAXGYy
         qf66hRRSoq/9N3MWvmBW+lyiuuoE6HO83erNYlTwuHjmRqS4uVR11hW5SZbtXP507d3o
         m1/z/4ZJj9YMb7XFu0EDODBepYVGkZUE/gG+e5xkFEindPE32DLc64UhNN2DKSfFo3uU
         pWQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=KhBqET0/GFce4q4wy/Li4fUXHKskJM4nNy8BipmRPzo=;
        fh=seHqP8aDwV4qtSdtm/JkySC7wQ/YhwMpq5sxfPUNkLQ=;
        b=GTK4LpKO5q5LB4FteKQAjtYX4IQ5VmgwWv1QlpUD3F64S31RMfdppiXxzV77u0v3uF
         LWE0PwTCuDXfUQXRn/b56XNcKEQcDRUa9mKbfyGnHUdunSNCOO0d1b/OFGUeQKVbSbOJ
         I+Q645Rbb3dGTbB4zB5FGhLrk6nzDqWZUD83bk7hx6gaqjOA3YqBu5OrS6ivEYb4tjTU
         32AdmyfNSh5dbpZL78a5Z7/azyRvIKG1Suij3YS5mNOno0UL40VWvaDKE26TN99CN7NR
         4ugZf7RIOYWrI72rKbOhQvVYkhc/yFQGhoRfNODY0/qC3OhicWYixscudFy0Ew5WE75O
         KNfg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@wanadoo.fr header.s=t20230301 header.b=tY4NOT8k;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.34 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wanadoo.fr
Received: from howler.vger.email (howler.vger.email. [23.128.96.34])
        by mx.google.com with ESMTPS id
 i12-20020a633c4c000000b0056513361b4fsi114130pgn.741.2023.09.13.15.56.21
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 13 Sep 2023 15:56:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@wanadoo.fr header.s=t20230301 header.b=tY4NOT8k;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.34 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wanadoo.fr
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by howler.vger.email (Postfix) with ESMTP id 45A0C801C1A4;
	Wed, 13 Sep 2023 09:47:30 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231142AbjIMQrW (ORCPT <rfc822;pwkd43@gmail.com> + 35 others);
        Wed, 13 Sep 2023 12:47:22 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55092 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230335AbjIMQrG (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 13 Sep 2023 12:47:06 -0400
Received: from smtp.smtpout.orange.fr (smtp-22.smtpout.orange.fr
 [80.12.242.22])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7FE121BE7
        for <linux-kernel@vger.kernel.org>;
 Wed, 13 Sep 2023 09:44:16 -0700 (PDT)
Received: from pop-os.home ([86.243.2.178])
        by smtp.orange.fr with ESMTPA
        id gSyJqOeao1XYugSyJqLbyP; Wed, 13 Sep 2023 18:44:14 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wanadoo.fr;
        s=t20230301; t=1694623454;
        bh=KhBqET0/GFce4q4wy/Li4fUXHKskJM4nNy8BipmRPzo=;
        h=From:To:Cc:Subject:Date;
        b=tY4NOT8kx5AWJLO9A13ip+OzfDc65GfRtGqE/jQh9Lho1C7UfalXDV70QsuL4sKhy
         4yXHIWD5tqQh4a/JGcTZURyVkemXF4U97i4ZlNN3pxo7Q4YfjN3mwF1FBDyljIqr/g
         bSk4uZQvtcvo4N5JfnOgTPZ829m0Oi7yV9FQZqh6cqegUZbFlnGAXH21ntRyImrIig
         eY/GbFTuqfc+pmZcRR0ak375ydz3SeXyAEn82DQipTzZJb9usXJWoEL2slYAAR+yW6
         l0QF/m3JX6tWSL6cLiXmEe4FeY+9KZthCFBo8Q/85Mnp4+zUuLXXlBgM1Vj+0kFUAS
         9xsUnjVwwiZgg==
X-ME-Helo: pop-os.home
X-ME-Auth: Y2hyaXN0b3BoZS5qYWlsbGV0QHdhbmFkb28uZnI=
X-ME-Date: Wed, 13 Sep 2023 18:44:14 +0200
X-ME-IP: 86.243.2.178
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
To: Kent Overstreet <kent.overstreet@linux.dev>,
        Brian Foster <bfoster@redhat.com>
Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org,
        Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
        Kent Overstreet <kent.overstreet@gmail.com>,
        linux-bcachefs@vger.kernel.org
Subject: [PATCH 1/2] bcachefs: Fix a potential in the error handling path of
 use-after-free inbch2_dev_add()
Date: Wed, 13 Sep 2023 18:44:08 +0200
Message-Id: 
 <3ab17a294fd2b5fcb180d44955b0d76a28af11cb.1694623395.git.christophe.jaillet@wanadoo.fr>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
 not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]);
 Wed, 13 Sep 2023 09:47:30 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1776964895881777131
X-GMAIL-MSGID: 1776964895881777131

If __bch2_dev_attach_bdev() fails, bch2_dev_free() is called twice.
Once here and another time in the error handling path.

This leads to several use-after-free.

Remove the redundant call and only rely on the error handling path.

Fixes: 6a44735653d4 ("bcachefs: Improved superblock-related error messages")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
 fs/bcachefs/super.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/fs/bcachefs/super.c b/fs/bcachefs/super.c
index 29cd71445a94..7379325c428f 100644
--- a/fs/bcachefs/super.c
+++ b/fs/bcachefs/super.c
@@ -1617,10 +1617,8 @@ int bch2_dev_add(struct bch_fs *c, const char *path)
 	bch2_dev_usage_init(ca);
 
 	ret = __bch2_dev_attach_bdev(ca, &sb);
-	if (ret) {
-		bch2_dev_free(ca);
+	if (ret)
 		goto err;
-	}
 
 	ret = bch2_dev_journal_alloc(ca);
 	if (ret) {

From patchwork Wed Sep 13 16:44:09 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
X-Patchwork-Id: 139024
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:612c:a8d:b0:3f2:4152:657d with SMTP id gr13csp7031vqb;
        Wed, 13 Sep 2023 11:35:31 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IHnpW2qX3W9JWVJ5BXhfasg+GDmLn3+axctbXMOsxJo9XJStb8Hxp/DyLo1SWRCrRWrwLd9
X-Received: by 2002:a05:6358:e48b:b0:140:fc53:d606 with SMTP id
 by11-20020a056358e48b00b00140fc53d606mr4793549rwb.12.1694630131587;
        Wed, 13 Sep 2023 11:35:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1694630131; cv=none;
        d=google.com; s=arc-20160816;
        b=aqr+MHodhqgByd5xWS9neI6cZWXki6PqQxYwvFoewRiuhwO+u7zI6tpml1by4EjR+w
         tRnGzuF0TTqm2iPGVeunOtBTJ8tuFaRtUqNbi9y8QVAPF9vygRuUPWCpUNbZhcWWRG8Z
         0YnePXluaTOfFR3/cAEsCoZx5EL/YOclndm0JScq4acApBHiIXZAsfbhh4qEIVL1am4J
         rkeIW08dfpvxrCdGALVt0p2onx/xeIqCZyTWnbfZHt0MTfPm8Hi262w3drx3kt9gGZQx
         DTG4Azv0KikI0NQ9WnrAjqXyg13e9bsvpDxW6ZFSgKJJuhiUBAK/ADCtbebjOm+Hq4ny
         tudA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=4tJWCiqWBtSChD2W3vJJ1lqy/lx4y9b9BGC/j3xrouI=;
        fh=m3UyueLH4KDy0H9ZPaSnoQRYWYiD76Xl1Jq/Gorb8Ss=;
        b=nuraVPP2Z/K1Xqro1D3BAsf6HMv8D2SWnh4X7OtYGuRqmf41MomLmSHOS875Fwh7tJ
         nk1E7swxs7Q+qgF5DH6fSWBiR4GSIqbHznbm5YERurbg01v707W5BSVwoyTz2j3R6J/c
         KUADQjM2UjRJdwsVcxJM0ewN4wiShhhR9X20/+T4m/EK5UDGMi9RMd9oCAb9FYPvUVFR
         d4/aM+1kGZ7TvT5mZNV1wXcAE7gcnfuslI+prnVIKQNIWG5A1+sNkonbGNq5o6WyKhIR
         vEQLX1D/+2dR7eS3Rw/pdHW8XIz0pSfBZQxkSyAXFFBZHy6blxgEpj+ct+YWUJXTBs4G
         IUkA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@wanadoo.fr header.s=t20230301 header.b=RGYPGv4E;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:6 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wanadoo.fr
Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6])
        by mx.google.com with ESMTPS id
 f20-20020a63f114000000b00563f72935e3si10459654pgi.608.2023.09.13.11.35.31
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 13 Sep 2023 11:35:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:6 as permitted sender)
 client-ip=2620:137:e000::3:6;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@wanadoo.fr header.s=t20230301 header.b=RGYPGv4E;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:6 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wanadoo.fr
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by pete.vger.email (Postfix) with ESMTP id C48398083AA8;
	Wed, 13 Sep 2023 09:48:22 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231605AbjIMQrd (ORCPT <rfc822;pwkd43@gmail.com> + 35 others);
        Wed, 13 Sep 2023 12:47:33 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48748 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231179AbjIMQrK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 13 Sep 2023 12:47:10 -0400
Received: from smtp.smtpout.orange.fr (smtp-22.smtpout.orange.fr
 [80.12.242.22])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ABFD949D8
        for <linux-kernel@vger.kernel.org>;
 Wed, 13 Sep 2023 09:44:22 -0700 (PDT)
Received: from pop-os.home ([86.243.2.178])
        by smtp.orange.fr with ESMTPA
        id gSyJqOeao1XYugSyTqLc1G; Wed, 13 Sep 2023 18:44:21 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wanadoo.fr;
        s=t20230301; t=1694623461;
        bh=4tJWCiqWBtSChD2W3vJJ1lqy/lx4y9b9BGC/j3xrouI=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References;
        b=RGYPGv4ElBKDitRaXHwvBONO3lX663NaEQ1P0kWZXNYxYELJpwBAbfp1tFiKRmU5U
         xTb1Qmo3WM/YvCAuAJjSPoO0ZzsF2hCFpCOrgOFHHd2PsVZSdY5rMDEAi1xuKrWsOp
         urgmJYTypZP4NsSLu4vlV+P3uUKTwidvd6fsWeK2ebQGuVuYwfpiyf/FGoGCm5uxmc
         rGYHCeaXcBIK1BUdFbmCSsr1mdoY7J5VljYHsICrUBix+3th7gPdQ7BiAfv+vAY6VZ
         cFkbKMHouZ3Jn4lybRJ2oITey+M0ALlAhcUiweU4G2pgdNJ+xqEJc89CvU9ZRCJLNp
         sLmqOirI5kAmQ==
X-ME-Helo: pop-os.home
X-ME-Auth: Y2hyaXN0b3BoZS5qYWlsbGV0QHdhbmFkb28uZnI=
X-ME-Date: Wed, 13 Sep 2023 18:44:21 +0200
X-ME-IP: 86.243.2.178
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
To: Kent Overstreet <kent.overstreet@linux.dev>,
        Brian Foster <bfoster@redhat.com>
Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org,
        Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
        linux-bcachefs@vger.kernel.org
Subject: [PATCH 2/2] bcachefs: Remove a redundant and harmless
 bch2_free_super() call
Date: Wed, 13 Sep 2023 18:44:09 +0200
Message-Id: 
 <4318418c88f28b041af018ab2250f442cb9776ed.1694623395.git.christophe.jaillet@wanadoo.fr>
X-Mailer: git-send-email 2.34.1
In-Reply-To: 
 <3ab17a294fd2b5fcb180d44955b0d76a28af11cb.1694623395.git.christophe.jaillet@wanadoo.fr>
References: 
 <3ab17a294fd2b5fcb180d44955b0d76a28af11cb.1694623395.git.christophe.jaillet@wanadoo.fr>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
 not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]);
 Wed, 13 Sep 2023 09:48:22 -0700 (PDT)
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1776948484910595082
X-GMAIL-MSGID: 1776948484910595082

Remove a redundant call to bch2_free_super().

This is harmless because bch2_free_super() has a memset() at its end. So
a second call would only lead to from kfree(NULL).

Remove the redundant call and only rely on the error handling path.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
 fs/bcachefs/super.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/fs/bcachefs/super.c b/fs/bcachefs/super.c
index 7379325c428f..a9627e655666 100644
--- a/fs/bcachefs/super.c
+++ b/fs/bcachefs/super.c
@@ -1609,7 +1609,6 @@ int bch2_dev_add(struct bch_fs *c, const char *path)
 
 	ca = __bch2_dev_alloc(c, &dev_mi);
 	if (!ca) {
-		bch2_free_super(&sb);
 		ret = -ENOMEM;
 		goto err;
 	}