xfs: fix use of uninitialized imap in xfs_fs_map_blocks error path
authorDai Ngo <dai.ngo@oracle.com>
Wed, 20 May 2026 00:32:58 +0000 (17:32 -0700)
committerCarlos Maiolino <cem@kernel.org>
Sat, 30 May 2026 06:26:17 +0000 (08:26 +0200)
xfs_fs_map_blocks() acquires the data map lock and then calls
xfs_bmapi_read(). If xfs_bmapi_read() fails, the function currently
still falls through to xfs_bmbt_to_iomap(), which consumes an
uninitialized imap record and may return invalid data to the caller.

Fix this by releasing the data map lock and returning immediately when
xfs_bmapi_read() reports an error. This prevents xfs_bmbt_to_iomap()
from being called with an uninitialized xfs_bmbt_irec.

Fixes: 527851124d10f ("xfs: implement pNFS export operations")
Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Carlos Maiolino <cem@kernel.org>
fs/xfs/xfs_pnfs.c

index 221e55887a2a4d6e64e83554d14f73cfee82bee0..b792e066b403dbfdad7c49ff0fa0d136073ea70e 100644 (file)
@@ -174,12 +174,15 @@ xfs_fs_map_blocks(
        lock_flags = xfs_ilock_data_map_shared(ip);
        error = xfs_bmapi_read(ip, offset_fsb, end_fsb - offset_fsb,
                                &imap, &nimaps, bmapi_flags);
+       if (error) {
+               xfs_iunlock(ip, lock_flags);
+               goto out_unlock;
+       }
        seq = xfs_iomap_inode_sequence(ip, 0);
 
        ASSERT(!nimaps || imap.br_startblock != DELAYSTARTBLOCK);
 
-       if (!error && write &&
-           (!nimaps || imap.br_startblock == HOLESTARTBLOCK)) {
+       if (write && (!nimaps || imap.br_startblock == HOLESTARTBLOCK)) {
                if (offset + length > XFS_ISIZE(ip))
                        end_fsb = xfs_iomap_eof_align_last_fsb(ip, end_fsb);
                else if (nimaps && imap.br_startblock == HOLESTARTBLOCK)
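Review bot: The early return added after xfs_bmapi_read() covers only a non-zero `error`, while the `!nimaps` tests kept in the ASSERT and in the `write &&` condition suggest a successful call can still return zero mappings and leave `imap` unwritten. If the non-write path then reaches xfs_bmbt_to_iomap() (named in the commit message, not visible in this hunk) with `nimaps == 0`, the same uninitialized record could still be converted and handed back to the caller. The declaration of `imap` is outside the hunk; if it has no initializer, zero-initializing it, e.g. `struct xfs_bmbt_irec imap = { };`, or testing `!nimaps` before the conversion would close that case. xfs_fs_map_blocks() starts and ends outside the hunk, including the `out_unlock` label, so this needs confirming against the full function.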