xfs_repair: fix pagefault due to unhandled NULL check in da_read_buf()

xfs_repair does not correctly handle bplist[i] for error situations in
function da_read_buf(). If libxfs_readbuf() fails then bplist[i] = NULL,
but error handing code calls libxfs_putbuf(bdlist[i]) for all indexes of i
without first checking whether its NULL. This result in pagefault in
libpthread library during pthread_mutex_unlock().
This problem is identified when we remove the storage while xfs_repair
is running on it.

Signed-off-by: Ajeet Yadav <ajeet.yadav.77@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>

diff --git a/repair/dir2.c b/repair/dir2.c
index d0739fd40987765a107d841994b8d4aaafa94cf5..55fe8ecfa2ab48af1b939c1440554006283425be 100644 (file)
--- a/repair/dir2.c
+++ b/repair/dir2.c
@@ -110,8 +110,10 @@ da_read_buf(
                bplist[i] = libxfs_readbuf(mp->m_dev,
                                XFS_FSB_TO_DADDR(mp, bmp[i].startblock),
                                XFS_FSB_TO_BB(mp, bmp[i].blockcount), 0);
-               if (!bplist[i])
+               if (!bplist[i]) {
+                       nex = i;
                        goto failed;
+               }
 
                pftrace("readbuf %p (%llu, %d)", bplist[i],
                        (long long)XFS_BUF_ADDR(bplist[i]),