On Tue 19-02-19 11:44:03, Colin King wrote: > From: Colin Ian King <colin.king@xxxxxxxxxxxxx> > > There is a null check on the pointer bh to avoid a null pointer dereference > on bh->b_data however later bh is passed to mark_buffer_dirty that can also > cause a null pointer dereference on bh. Avoid this potential null pointer > dereference by moving the call to mark_buffer_dirty inside the null checked > block. > > Fixes: e8b4274735e4 ("udf: finalize integrity descriptor before writeback") > Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx> Thanks for the patch! In fact it is the 'if (bh)' check that's unnecessarily defensive (we cannot have sbi->s_lvid_dirty and !sbi->s_lvid_bh). So I'll just drop that check (attached patch). Honza > --- > fs/udf/super.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/fs/udf/super.c b/fs/udf/super.c > index a6940d90bedd..b7e9a83d39db 100644 > --- a/fs/udf/super.c > +++ b/fs/udf/super.c > @@ -2336,13 +2336,13 @@ static int udf_sync_fs(struct super_block *sb, int wait) > > lvid = (struct logicalVolIntegrityDesc *)bh->b_data; > udf_finalize_lvid(lvid); > - } > > - /* > - * Blockdevice will be synced later so we don't have to submit > - * the buffer for IO > - */ > - mark_buffer_dirty(bh); > + /* > + * Blockdevice will be synced later so we don't have > + * to submit the buffer for IO > + */ > + mark_buffer_dirty(bh); > + } > sbi->s_lvid_dirty = 0; > } > mutex_unlock(&sbi->s_alloc_mutex); > -- > 2.20.1 > > -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
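Review bot: In the quoted hunk for udf_sync_fs(), `sbi->s_lvid_dirty = 0;` stays outside the `if (bh)` block, so with this change a NULL bh would skip both udf_finalize_lvid() and mark_buffer_dirty() and still clear the dirty flag, silently dropping the pending LVID update. If the NULL case is meant to be handled, the flag reset should be handled together with it (or the condition flagged with something like WARN_ON_ONCE); if the case cannot occur, as the reply states, the check should go rather than be widened.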
>From a00eb52e3f2f815efa52a9e3bf1b730d86c05faa Mon Sep 17 00:00:00 2001 From: Jan Kara <jack@xxxxxxx> Date: Tue, 19 Feb 2019 14:59:43 +0100 Subject: [PATCH] udf: Drop pointless check from udf_sync_fs() The check if (bh) in udf_sync_fs() is pointless as we cannot have sbi->s_lvid_dirty and !sbi->s_lvid_bh (as already asserted by udf_updated_lvid()). So just drop the pointless check. Reported-by: Colin Ian King <colin.king@xxxxxxxxxxxxx> Signed-off-by: Jan Kara <jack@xxxxxxx> --- fs/udf/super.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/fs/udf/super.c b/fs/udf/super.c index a6940d90bedd..ffd8038ff728 100644 --- a/fs/udf/super.c +++ b/fs/udf/super.c @@ -2330,13 +2330,10 @@ static int udf_sync_fs(struct super_block *sb, int wait) mutex_lock(&sbi->s_alloc_mutex); if (sbi->s_lvid_dirty) { struct buffer_head *bh = sbi->s_lvid_bh; + struct logicalVolIntegrityDesc *lvid; - if (bh) { - struct logicalVolIntegrityDesc *lvid; - - lvid = (struct logicalVolIntegrityDesc *)bh->b_data; - udf_finalize_lvid(lvid); - } + lvid = (struct logicalVolIntegrityDesc *)bh->b_data; + udf_finalize_lvid(lvid); /* * Blockdevice will be synced later so we don't have to submit -- 2.16.4
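Review bot: With the `if (bh)` check removed, `bh->b_data` in udf_sync_fs() is dereferenced unconditionally, and nothing in the hunk records why that is safe. The commit message gives the invariant (s_lvid_dirty is never set while s_lvid_bh is NULL, asserted in udf_updated_lvid()); a one-line comment stating that above the `lvid = ...` assignment would keep later readers and static checkers from re-adding the check. Any future path that sets s_lvid_dirty would need to uphold the same invariant, since this function no longer tolerates a NULL s_lvid_bh.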