From: Ajeet Yadav
Date: Tue, 1 Feb 2011 21:28:40 +0000 (-0700)
Subject: xfs_repair: fix pagefault due to unhandled NULL check in da_read_buf()
X-Git-Tag: v3.1.5~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=663acd56b4405e8ea348c5a62c2b5573d8da69e6;p=thirdparty%2Fxfsprogs-dev.git

xfs_repair: fix pagefault due to unhandled NULL check in da_read_buf()

xfs_repair does not correctly handle bplist[i] for error situations in function da_read_buf(). If libxfs_readbuf() fails then bplist[i] = NULL, but error handling code calls libxfs_putbuf(bdlist[i]) for all indexes of i without first checking whether it's NULL. This results in pagefault in libpthread library during pthread_mutex_unlock(). This problem is identified when we remove the storage while xfs_repair is running on it.

Signed-off-by: Ajeet Yadav
Signed-off-by: Christoph Hellwig
---
diff --git a/repair/dir2.c b/repair/dir2.c index d0739fd40..55fe8ecfa 100644 --- a/repair/dir2.c +++ b/repair/dir2.c @@ -110,8 +110,10 @@ da_read_buf( bplist[i] = libxfs_readbuf(mp->m_dev, XFS_FSB_TO_DADDR(mp, bmp[i].startblock), XFS_FSB_TO_BB(mp, bmp[i].blockcount), 0); - if (!bplist[i]) + if (!bplist[i]) { + nex = i; goto failed; + } pftrace("readbuf %p (%llu, %d)", bplist[i], (long long)XFS_BUF_ADDR(bplist[i]),
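Review bot: The new "nex = i;" before "goto failed" in da_read_buf() avoids the NULL dereference only indirectly, by overwriting the extent count so that cleanup stops short of the failed slot. The failed: label is not in this hunk, so the fix is correct only if that path walks bplist[0..nex-1] and nothing after it needs the original nex. Please confirm that, and either add a short comment at the assignment explaining why nex is clobbered or, more robustly, skip NULL entries in the cleanup loop before calling libxfs_putbuf(), which is the check the subject line describes. A guard in the cleanup loop would also cover any other jump to failed that leaves bplist partly filled.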