xfs: don't crash on unexpected holes in dir/attr btrees

Source kernel commit: cd87d867920155911d0d2e6485b769d853547750

In quite a few places we call xfs_da_read_buf with a mappedbno that we
don't control, then assume that the function passes back either an error
code or a buffer pointer.  Unfortunately, if mappedbno == -2 and bno
maps to a hole, we get a return code of zero and a NULL buffer, which
means that we crash if we actually try to use that buffer pointer.  This
happens immediately when we set the buffer type for transaction context.

Therefore, check that we have no error code and a non-NULL bp before
trying to use bp.  This patch is a follow-up to an incomplete fix in
96a3aefb8ffde231 ("xfs: don't crash if reading a directory results in an
unexpected hole").

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>

diff --git a/libxfs/xfs_attr_leaf.c b/libxfs/xfs_attr_leaf.c
index 246d5b45b9e2a5dda27abd023483feec0569722c..6053b56a9624efc568d4b1e6a8b51da324edef16 100644 (file)
--- a/libxfs/xfs_attr_leaf.c
+++ b/libxfs/xfs_attr_leaf.c
@@ -346,7 +346,7 @@ xfs_attr3_leaf_read(
 
        err = xfs_da_read_buf(tp, dp, bno, mappedbno, bpp,
                                XFS_ATTR_FORK, &xfs_attr3_leaf_buf_ops);
-       if (!err && tp)
+       if (!err && tp && *bpp)
                xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_ATTR_LEAF_BUF);
        return err;
 }

diff --git a/libxfs/xfs_da_btree.c b/libxfs/xfs_da_btree.c
index a54304550029724297b5139e3e5e36da493e0edb..347bf48215ca764a3f6ad5bec47d0829ea91c448 100644 (file)
--- a/libxfs/xfs_da_btree.c
+++ b/libxfs/xfs_da_btree.c
@@ -258,7 +258,7 @@ xfs_da3_node_read(
 
        err = xfs_da_read_buf(tp, dp, bno, mappedbno, bpp,
                                        which_fork, &xfs_da3_node_buf_ops);
-       if (!err && tp) {
+       if (!err && tp && *bpp) {
                struct xfs_da_blkinfo   *info = (*bpp)->b_addr;
                int                     type;
 

diff --git a/libxfs/xfs_dir2_block.c b/libxfs/xfs_dir2_block.c
index 32bde3115c07012d740d961d289a353d12add7f7..2da5f1a3f661b3dbd68259ae59ff1c339a51bd0b 100644 (file)
--- a/libxfs/xfs_dir2_block.c
+++ b/libxfs/xfs_dir2_block.c
@@ -135,7 +135,7 @@ xfs_dir3_block_read(
 
        err = xfs_da_read_buf(tp, dp, mp->m_dir_geo->datablk, -1, bpp,
                                XFS_DATA_FORK, &xfs_dir3_block_buf_ops);
-       if (!err && tp)
+       if (!err && tp && *bpp)
                xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_BLOCK_BUF);
        return err;
 }

diff --git a/libxfs/xfs_dir2_leaf.c b/libxfs/xfs_dir2_leaf.c
index e93f12a22e5a0600bf73506e43d52240928f95da..5e9cf90105a0b92242777a458564b34695dbff54 100644 (file)
--- a/libxfs/xfs_dir2_leaf.c
+++ b/libxfs/xfs_dir2_leaf.c
@@ -265,7 +265,7 @@ xfs_dir3_leaf_read(
 
        err = xfs_da_read_buf(tp, dp, fbno, mappedbno, bpp,
                                XFS_DATA_FORK, &xfs_dir3_leaf1_buf_ops);
-       if (!err && tp)
+       if (!err && tp && *bpp)
                xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_LEAF1_BUF);
        return err;
 }
@@ -282,7 +282,7 @@ xfs_dir3_leafn_read(
 
        err = xfs_da_read_buf(tp, dp, fbno, mappedbno, bpp,
                                XFS_DATA_FORK, &xfs_dir3_leafn_buf_ops);
-       if (!err && tp)
+       if (!err && tp && *bpp)
                xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_LEAFN_BUF);
        return err;
 }