This is a note to let you know that I've just added the patch titled
xfs: check _alloc_read_agf buffer pointer before using
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
xfs-check-_alloc_read_agf-buffer-pointer-before-using.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From hch@xxxxxx Mon Sep 18 10:08:45 2017
From: Christoph Hellwig <hch@xxxxxx>
Date: Sun, 17 Sep 2017 14:06:38 -0700
Subject: xfs: check _alloc_read_agf buffer pointer before using
To: stable@xxxxxxxxxxxxxxx
Cc: linux-xfs@xxxxxxxxxxxxxxx, "Darrick J. Wong" <darrick.wong@xxxxxxxxxx>
Message-ID: <20170917210712.10804-14-hch@xxxxxx>
From: "Darrick J. Wong" <darrick.wong@xxxxxxxxxx>
commit 10479e2dea83d4c421ad05dfc55d918aa8dfc0cd upstream.
In some circumstances, _alloc_read_agf can return an error code of zero
but also a null AGF buffer pointer. Check for this and jump out.
Fixes-coverity-id: 1415250
Fixes-coverity-id: 1415320
Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
Reviewed-by: Brian Foster <bfoster@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/xfs/libxfs/xfs_refcount.c | 4 ++++
fs/xfs/xfs_reflink.c | 2 ++
2 files changed, 6 insertions(+)
--- a/fs/xfs/libxfs/xfs_refcount.c
+++ b/fs/xfs/libxfs/xfs_refcount.c
@@ -1640,6 +1640,10 @@ xfs_refcount_recover_cow_leftovers(
error = xfs_alloc_read_agf(mp, tp, agno, 0, &agbp);
if (error)
goto out_trans;
+ if (!agbp) {
+ error = -ENOMEM;
+ goto out_trans;
+ }
cur = xfs_refcountbt_init_cursor(mp, tp, agbp, agno, NULL);
/* Find all the leftover CoW staging extents. */
--- a/fs/xfs/xfs_reflink.c
+++ b/fs/xfs/xfs_reflink.c
@@ -169,6 +169,8 @@ xfs_reflink_find_shared(
error = xfs_alloc_read_agf(mp, NULL, agno, 0, &agbp);
if (error)
return error;
+ if (!agbp)
+ return -ENOMEM;
cur = xfs_refcountbt_init_cursor(mp, NULL, agbp, agno, NULL);
Patches currently in stable-queue which might be from hch@xxxxxx are
queue-4.9/xfs-fix-inobt-inode-allocation-search-optimization.patch
queue-4.9/xfs-try-to-avoid-blowing-out-the-transaction-reservation-when-bunmaping-a-shared-extent.patch
queue-4.9/xfs-free-cowblocks-and-retry-on-buffered-write-enospc.patch
queue-4.9/xfs-set-firstfsb-to-nullfsblock-before-feeding-it-to-_bmapi_write.patch
queue-4.9/xfs-fix-quotacheck-dquot-id-overflow-infinite-loop.patch
queue-4.9/xfs-remove-bli-from-ail-before-release-on-transaction-abort.patch
queue-4.9/xfs-check-_btree_check_block-value.patch
queue-4.9/xfs-don-t-allow-bmap-on-rt-files.patch
queue-4.9/xfs-free-uncommitted-transactions-during-log-recovery.patch
queue-4.9/xfs-don-t-crash-on-unexpected-holes-in-dir-attr-btrees.patch
queue-4.9/xfs-fix-spurious-spin_is_locked-assert-failures-on-non-smp-kernels.patch
queue-4.9/xfs-fix-per-inode-dax-flag-inheritance.patch
queue-4.9/xfs-fix-multi-ag-deadlock-in-xfs_bunmapi.patch
queue-4.9/xfs-release-bli-from-transaction-properly-on-fs-shutdown.patch
queue-4.9/xfs-check-_alloc_read_agf-buffer-pointer-before-using.patch