On Mon, Mar 18, 2019 at 09:43:36AM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
>
> In xchk_btree_check_owner, we can be passed a null buffer pointer. This
> should only happen for the root of a root-in-inode btree type, but we
> should program defensively in case the btree cursor state ever gets
> screwed up and we get a null buffer anyway.
>
> Coverity-id: 1438713
> Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> ---
Reviewed-by: Brian Foster <bfoster@xxxxxxxxxx>
> fs/xfs/scrub/btree.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/fs/xfs/scrub/btree.c b/fs/xfs/scrub/btree.c
> index 6271a277eabe..cf4046c9e250 100644
> --- a/fs/xfs/scrub/btree.c
> +++ b/fs/xfs/scrub/btree.c
> @@ -481,8 +481,17 @@ xchk_btree_check_owner(
> struct xfs_btree_cur *cur = bs->cur;
> struct check_owner *co;
>
> - if ((cur->bc_flags & XFS_BTREE_ROOT_IN_INODE) && bp == NULL)
> + /*
> + * In theory, xfs_btree_get_block should only give us a null buffer
> + * pointer for the root of a root-in-inode btree type, but we need
> + * to check defensively here in case the cursor state is also screwed
> + * up.
> + */
> + if (bp == NULL) {
> + if (!(cur->bc_flags & XFS_BTREE_ROOT_IN_INODE))
> + xchk_btree_set_corrupt(bs->sc, bs->cur, level);
> return 0;
> + }
>
> /*
> * We want to cross-reference each btree block with the bnobt
