[thirdparty/kernel/stable-queue.git] / releases / 4.5.7 / btrfs-scrub-set-bbio-to-null-before-calling-btrfs_map_block.patch

From f1fee6534dcfbf468a159789aa202db2bce8c200 Mon Sep 17 00:00:00 2001
From: Zhao Lei <zhaolei@cn.fujitsu.com>
Date: Tue, 17 May 2016 17:37:38 +0800
Subject: btrfs: scrub: Set bbio to NULL before calling btrfs_map_block

From: Zhao Lei <zhaolei@cn.fujitsu.com>

commit f1fee6534dcfbf468a159789aa202db2bce8c200 upstream.

We usually call btrfs_put_bbio() when btrfs_map_block() failed,
btrfs_put_bbio() works right whether bbio is a valid value, or NULL.

But there is a exception, in some case, btrfs_map_block() will return
fail without touching *bbio(keeping its original value), and if bbio
was not initialized yet, invalid memory accessing will happened.

Above case is in scrub_missing_raid56_pages(), and similar case in
scrub_raid56_parity().

Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/scrub.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -2179,7 +2179,7 @@ static void scrub_missing_raid56_pages(s
 	struct btrfs_fs_info *fs_info = sctx->dev_root->fs_info;
 	u64 length = sblock->page_count * PAGE_SIZE;
 	u64 logical = sblock->pagev[0]->logical;
-	struct btrfs_bio *bbio;
+	struct btrfs_bio *bbio = NULL;
 	struct bio *bio;
 	struct btrfs_raid_bio *rbio;
 	int ret;
@@ -2980,6 +2980,7 @@ again:
 						       extent_len);
 
 			mapped_length = extent_len;
+			bbio = NULL;
 			ret = btrfs_map_block(fs_info, READ, extent_logical,
 					      &mapped_length, &bbio, 0);
 			if (!ret) {
Commit	Line	Data
9c28119d GKH	1	From f1fee6534dcfbf468a159789aa202db2bce8c200 Mon Sep 17 00:00:00 2001
	2	From: Zhao Lei <zhaolei@cn.fujitsu.com>
	3	Date: Tue, 17 May 2016 17:37:38 +0800
	4	Subject: btrfs: scrub: Set bbio to NULL before calling btrfs_map_block
	5
	6	From: Zhao Lei <zhaolei@cn.fujitsu.com>
	7
	8	commit f1fee6534dcfbf468a159789aa202db2bce8c200 upstream.
	9
	10	We usually call btrfs_put_bbio() when btrfs_map_block() failed,
	11	btrfs_put_bbio() works right whether bbio is a valid value, or NULL.
	12
	13	But there is a exception, in some case, btrfs_map_block() will return
	14	fail without touching *bbio(keeping its original value), and if bbio
	15	was not initialized yet, invalid memory accessing will happened.
	16
	17	Above case is in scrub_missing_raid56_pages(), and similar case in
	18	scrub_raid56_parity().
	19
	20	Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
	21	Signed-off-by: David Sterba <dsterba@suse.com>
	22	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	23
	24	---
	25	fs/btrfs/scrub.c \| 3 ++-
	26	1 file changed, 2 insertions(+), 1 deletion(-)
	27
	28	--- a/fs/btrfs/scrub.c
	29	+++ b/fs/btrfs/scrub.c
	30	@@ -2179,7 +2179,7 @@ static void scrub_missing_raid56_pages(s
	31	struct btrfs_fs_info *fs_info = sctx->dev_root->fs_info;
	32	u64 length = sblock->page_count * PAGE_SIZE;
	33	u64 logical = sblock->pagev[0]->logical;
	34	- struct btrfs_bio *bbio;
	35	+ struct btrfs_bio *bbio = NULL;
	36	struct bio *bio;
	37	struct btrfs_raid_bio *rbio;
	38	int ret;
	39	@@ -2980,6 +2980,7 @@ again:
	40	extent_len);
	41
	42	mapped_length = extent_len;
	43	+ bbio = NULL;
	44	ret = btrfs_map_block(fs_info, READ, extent_logical,
	45	&mapped_length, &bbio, 0);
	46	if (!ret) {