]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cfc8573)
ubifs: skip dumping tnc tree when zroot is null
authorpangliyuan <pangliyuan1@huawei.com>
Tue, 24 Dec 2024 08:18:23 +0000 (16:18 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 8 Feb 2025 09:02:08 +0000 (10:02 +0100)
[ Upstream commit bdb0ca39e0acccf6771db49c3f94ed787d05f2d7 ]

Clearing slab cache will free all znode in memory and make
c->zroot.znode = NULL, then dumping tnc tree will access
c->zroot.znode which cause null pointer dereference.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=219624#c0
Fixes: 1e51764a3c2a ("UBIFS: add new flash file system")
Signed-off-by: pangliyuan <pangliyuan1@huawei.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/ubifs/debug.c patch | blob | blame | history

diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c
index 5cc69beaa62ecfb6f0899a293eea523fa7a75b13..10a86c02a8b328fc4eec53aa40caadcb6c635cc1 100644 (file)
--- a/fs/ubifs/debug.c
+++ b/fs/ubifs/debug.c
@@ -946,16 +946,20 @@ void ubifs_dump_tnc(struct ubifs_info *c)
 
        pr_err("\n");
        pr_err("(pid %d) start dumping TNC tree\n", current->pid);
-       znode = ubifs_tnc_levelorder_next(c, c->zroot.znode, NULL);
-       level = znode->level;
-       pr_err("== Level %d ==\n", level);
-       while (znode) {
-               if (level != znode->level) {
-                       level = znode->level;
-                       pr_err("== Level %d ==\n", level);
+       if (c->zroot.znode) {
+               znode = ubifs_tnc_levelorder_next(c, c->zroot.znode, NULL);
+               level = znode->level;
+               pr_err("== Level %d ==\n", level);
+               while (znode) {
+                       if (level != znode->level) {
+                               level = znode->level;
+                               pr_err("== Level %d ==\n", level);
+                       }
+                       ubifs_dump_znode(c, znode);
+                       znode = ubifs_tnc_levelorder_next(c, c->zroot.znode, znode);
                }
-               ubifs_dump_znode(c, znode);
-               znode = ubifs_tnc_levelorder_next(c, c->zroot.znode, znode);
+       } else {
+               pr_err("empty TNC tree in memory\n");
        }
        pr_err("(pid %d) finish dumping TNC tree\n", current->pid);
 }
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git