I was expecting Jan to pick this one up, but it's not in his pull request that just got merged. Looking at patches to reiserfs over the last few cycles, patches go in a few different ways; there doesn't seem to be a defined path. Anyone want to take this one? On Mon, Jun 05, 2023 at 03:23:34PM +0100, Matthew Wilcox (Oracle) wrote: > __getblk() can return a NULL pointer if we run out of memory or if > we try to access beyond the end of the device; check it and handle it > appropriately. > > Signed-off-by: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx> > Link: https://lore.kernel.org/lkml/CAFcO6XOacq3hscbXevPQP7sXRoYFz34ZdKPYjmd6k5sZuhGFDw@xxxxxxxxxxxxxx/ > Tested-by: butt3rflyh4ck <butterflyhuangxx@xxxxxxxxx> > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") # probably introduced in 2002 > --- > fs/reiserfs/journal.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c > index 4d11d60f493c..dd58e0dca5e5 100644 > --- a/fs/reiserfs/journal.c > +++ b/fs/reiserfs/journal.c > @@ -2326,7 +2326,7 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev, > int i, j; > > bh = __getblk(dev, block, bufsize); > - if (buffer_uptodate(bh)) > + if (!bh || buffer_uptodate(bh)) > return (bh); > > if (block + BUFNR > max_block) { > @@ -2336,6 +2336,8 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev, > j = 1; > for (i = 1; i < blocks; i++) { > bh = __getblk(dev, block + i, bufsize); > + if (!bh) > + break; > if (buffer_uptodate(bh)) { > brelse(bh); > break; > -- > 2.39.2 >
