Patch "btrfs: scrub: Set bbio to NULL before calling btrfs_map_block" has been added to the 4.5-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sun, 05 Jun 2016 14:48:37 -0700

This is a note to let you know that I've just added the patch titled

    btrfs: scrub: Set bbio to NULL before calling btrfs_map_block

to the 4.5-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     btrfs-scrub-set-bbio-to-null-before-calling-btrfs_map_block.patch
and it can be found in the queue-4.5 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From f1fee6534dcfbf468a159789aa202db2bce8c200 Mon Sep 17 00:00:00 2001
From: Zhao Lei <zhaolei@xxxxxxxxxxxxxx>
Date: Tue, 17 May 2016 17:37:38 +0800
Subject: btrfs: scrub: Set bbio to NULL before calling btrfs_map_block

From: Zhao Lei <zhaolei@xxxxxxxxxxxxxx>

commit f1fee6534dcfbf468a159789aa202db2bce8c200 upstream.

We usually call btrfs_put_bbio() when btrfs_map_block() failed,
btrfs_put_bbio() works right whether bbio is a valid value, or NULL.

But there is a exception, in some case, btrfs_map_block() will return
fail without touching *bbio(keeping its original value), and if bbio
was not initialized yet, invalid memory accessing will happened.

Above case is in scrub_missing_raid56_pages(), and similar case in
scrub_raid56_parity().

Signed-off-by: Zhao Lei <zhaolei@xxxxxxxxxxxxxx>
Signed-off-by: David Sterba <dsterba@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 fs/btrfs/scrub.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -2179,7 +2179,7 @@ static void scrub_missing_raid56_pages(s
 	struct btrfs_fs_info *fs_info = sctx->dev_root->fs_info;
 	u64 length = sblock->page_count * PAGE_SIZE;
 	u64 logical = sblock->pagev[0]->logical;
-	struct btrfs_bio *bbio;
+	struct btrfs_bio *bbio = NULL;
 	struct bio *bio;
 	struct btrfs_raid_bio *rbio;
 	int ret;
@@ -2980,6 +2980,7 @@ again:
 						       extent_len);
 
 			mapped_length = extent_len;
+			bbio = NULL;
 			ret = btrfs_map_block(fs_info, READ, extent_logical,
 					      &mapped_length, &bbio, 0);
 			if (!ret) {


Patches currently in stable-queue which might be from zhaolei@xxxxxxxxxxxxxx are

queue-4.5/btrfs-scrub-set-bbio-to-null-before-calling-btrfs_map_block.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






