Diffstat (limited to 'for-next/v3_20230218_zyytlz_wz_bcache_fix___bch_btree_node_alloc_to_make_the_failure_behavior_consistent.mbx')
-rw-r--r-- | for-next/v3_20230218_zyytlz_wz_bcache_fix___bch_btree_node_alloc_to_make_the_failure_behavior_consistent.mbx | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/for-next/v3_20230218_zyytlz_wz_bcache_fix___bch_btree_node_alloc_to_make_the_failure_behavior_consistent.mbx b/for-next/v3_20230218_zyytlz_wz_bcache_fix___bch_btree_node_alloc_to_make_the_failure_behavior_consistent.mbx
new file mode 100644
index 0000000..9aef3d4
--- /dev/null
+++ b/for-next/v3_20230218_zyytlz_wz_bcache_fix___bch_btree_node_alloc_to_make_the_failure_behavior_consistent.mbx
@@ -0,0 +1,50 @@
+From git@z Thu Jan 1 00:00:00 1970
+Subject: [PATCH v3] bcache: Fix __bch_btree_node_alloc to make the failure
+ behavior consistent
+From: Zheng Wang <zyytlz.wz@163.com>
+Date: Sat, 18 Feb 2023 15:23:35 +0800
+Message-Id: <20230218072335.1537099-1-zyytlz.wz@163.com>
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 7bit
+
+In some specific situation, the return value of __bch_btree_node_alloc may
+be NULL. This may lead to poential NULL pointer dereference in caller
+ function like a calling chaion :
+ btree_split->bch_btree_node_alloc->__bch_btree_node_alloc.
+
+Fix it by initialize return value in __bch_btree_node_alloc before return.
+
+Fixes: cafe56359144 ("bcache: A block layer cache")
+Cc: stable@vger.kernel.org
+Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
+---
+v3:
+- Add Cc: stable@vger.kernel.org suggested by Eric
+v2:
+- split patch v1 into two patches to make it clearer suggested by Coly Li
+---
+ drivers/md/bcache/btree.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
+index 147c493a989a..cae25e74b9e0 100644
+--- a/drivers/md/bcache/btree.c
++++ b/drivers/md/bcache/btree.c
+@@ -1090,10 +1090,12 @@ struct btree *__bch_btree_node_alloc(struct cache_set *c, struct btree_op *op,
+ struct btree *parent)
+ {
+ BKEY_PADDED(key) k;
+- struct btree *b = ERR_PTR(-EAGAIN);
++ struct btree *b;
+
+ mutex_lock(&c->bucket_lock);
+ retry:
++ /* return ERR_PTR(-EAGAIN) when it fails */
++ b = ERR_PTR(-EAGAIN);
+ if (__bch_bucket_alloc_set(c, RESERVE_BTREE, &k.key, wait))
+ goto err;
+
+--
+2.25.1
+ |
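Review bot: The comment added under `retry:` in the embedded btree.c change says what is returned but not why the assignment had to move below the label, which is the security-relevant part of the fix. Going by the commit message, `b` can be NULL when the `err` path is reached (the code that leaves it NULL is outside the hunk, presumably on a pass that jumps back to `retry:`), and callers such as btree_split would then dereference it. A comment like `/* b may be NULL after a retry; reset it so the err path returns ERR_PTR(-EAGAIN), never NULL */` would stop a later cleanup from hoisting the initialisation back to the declaration. The body of `__bch_btree_node_alloc` continues past the end of the hunk, so the NULL-producing path and the callers' `IS_ERR()` checks should be confirmed against the full file.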