linux

History

wangyan 9f16ca48fc ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans() I found a NULL pointer dereference in ocfs2_update_inode_fsync_trans(), handle->h_transaction may be NULL in this situation: ocfs2_file_write_iter ->__generic_file_write_iter ->generic_perform_write ->ocfs2_write_begin ->ocfs2_write_begin_nolock ->ocfs2_write_cluster_by_desc ->ocfs2_write_cluster ->ocfs2_mark_extent_written ->ocfs2_change_extent_flag ->ocfs2_split_extent ->ocfs2_try_to_merge_extent ->ocfs2_extend_rotate_transaction ->ocfs2_extend_trans ->jbd2_journal_restart ->jbd2__journal_restart // handle->h_transaction is NULL here ->handle->h_transaction = NULL; ->start_this_handle /* journal aborted due to storage network disconnection, return error / ->return -EROFS; / line 3806 in ocfs2_try_to_merge_extent (), it will ignore ret error. */ ->ret = 0; ->... ->ocfs2_write_end ->ocfs2_write_end_nolock ->ocfs2_update_inode_fsync_trans // NULL pointer dereference ->oi->i_sync_tid = handle->h_transaction->t_tid; The information of NULL pointer dereference as follows: JBD2: Detected IO errors while flushing file data on dm-11-45 Aborting journal on device dm-11-45. JBD2: Error -5 detected when updating journal superblock for dm-11-45. (dd,22081,3):ocfs2_extend_trans:474 ERROR: status = -30 (dd,22081,3):ocfs2_try_to_merge_extent:3877 ERROR: status = -30 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Mem abort info: ESR = 0x96000004 Exception class = DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000e74e1338 [0000000000000008] pgd=0000000000000000 Internal error: Oops: 96000004 [#1] SMP Process dd (pid: 22081, stack limit = 0x00000000584f35a9) CPU: 3 PID: 22081 Comm: dd Kdump: loaded Hardware name: Huawei TaiShan 2280 V2/BC82AMDD, BIOS 0.98 08/25/2019 pstate: 60400009 (nZCv daif +PAN -UAO) pc : ocfs2_write_end_nolock+0x2b8/0x550 [ocfs2] lr : ocfs2_write_end_nolock+0x2a0/0x550 [ocfs2] sp : ffff0000459fba70 x29: ffff0000459fba70 x28: 0000000000000000 x27: ffff807ccf7f1000 x26: 0000000000000001 x25: ffff807bdff57970 x24: ffff807caf1d4000 x23: ffff807cc79e9000 x22: 0000000000001000 x21: 000000006c6cd000 x20: ffff0000091d9000 x19: ffff807ccb239db0 x18: ffffffffffffffff x17: 000000000000000e x16: 0000000000000007 x15: ffff807c5e15bd78 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000001 x9 : 0000000000000228 x8 : 000000000000000c x7 : 0000000000000fff x6 : ffff807a308ed6b0 x5 : ffff7e01f10967c0 x4 : 0000000000000018 x3 : d0bc661572445600 x2 : 0000000000000000 x1 : 000000001b2e0200 x0 : 0000000000000000 Call trace: ocfs2_write_end_nolock+0x2b8/0x550 [ocfs2] ocfs2_write_end+0x4c/0x80 [ocfs2] generic_perform_write+0x108/0x1a8 __generic_file_write_iter+0x158/0x1c8 ocfs2_file_write_iter+0x668/0x950 [ocfs2] __vfs_write+0x11c/0x190 vfs_write+0xac/0x1c0 ksys_write+0x6c/0xd8 __arm64_sys_write+0x24/0x30 el0_svc_common+0x78/0x130 el0_svc_handler+0x38/0x78 el0_svc+0x8/0xc To prevent NULL pointer dereference in this situation, we use is_handle_aborted() before using handle->h_transaction->t_tid. Link: http://lkml.kernel.org/r/03e750ab-9ade-83aa-b000-b9e81e34e539@huawei.com Signed-off-by: Yan Wang <wangyan122@huawei.com> Reviewed-by: Jun Piao <piaojun@huawei.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Joseph Qi <jiangqi903@gmail.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>		2020-01-31 10:30:36 -08:00
..
cluster	ocfs2: remove unneeded semicolons	2020-01-31 10:30:36 -08:00
dlm	ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use	2020-01-31 10:30:36 -08:00
dlmfs	ocfs2: make local header paths relative to C files	2020-01-31 10:30:36 -08:00
acl.c	ocfs2: fix passing zero to 'PTR_ERR' warning	2019-12-01 06:29:17 -08:00
acl.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174	2019-05-30 11:26:41 -07:00
alloc.c	ocfs2: Use accessor function for h_buffer_credits	2019-11-05 16:00:48 -05:00
alloc.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
aops.c	Pipework for general notification queue	2019-11-30 14:12:13 -08:00
aops.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
blockcheck.c	ocfs2: further debugfs cleanups	2019-09-24 15:54:07 -07:00
blockcheck.h	ocfs: no need to check return value of debugfs_create functions	2019-07-12 11:05:41 -07:00
buffer_head_io.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
buffer_head_io.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
dcache.c	fs/ocfs2: fix race in ocfs2_dentry_attach_lock()	2019-06-13 17:34:56 -10:00
dcache.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
dir.c	fs/ocfs2/dir.c: remove set but not used variables	2019-09-24 15:54:07 -07:00
dir.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
dlmglue.c	ocfs2: remove unneeded semicolons	2020-01-31 10:30:36 -08:00
dlmglue.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
export.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
export.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
extent_map.c	ocfs2: delete unnecessary checks before brelse()	2019-09-24 15:54:07 -07:00
extent_map.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 405	2019-06-05 17:37:13 +02:00
file.c	ocfs2: protect extent tree in ocfs2_prepare_inode_for_write()	2019-11-06 08:47:08 -08:00
file.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
filecheck.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 286	2019-06-05 17:36:37 +02:00
filecheck.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 286	2019-06-05 17:36:37 +02:00
heartbeat.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
heartbeat.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
inode.c	ocfs2: fix spelling mistake "ambigous" -> "ambiguous"	2019-09-24 15:54:07 -07:00
inode.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
ioctl.c	compat_ioctl: remove most of fs/compat_ioctl.c	2019-12-01 13:46:15 -08:00
ioctl.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
journal.c	ocfs2: call journal flush to mark journal as empty after journal recovery when mount	2020-01-04 13:55:09 -08:00
journal.h	ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans()	2020-01-31 10:30:36 -08:00
Kconfig	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
localalloc.c	ocfs2: fix panic due to ocfs2_wq is null	2019-10-19 06:32:32 -04:00
localalloc.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
locks.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
locks.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
Makefile	ocfs2: improve ocfs2 Makefile	2018-12-28 12:11:45 -08:00
mmap.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
mmap.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
move_extents.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174	2019-05-30 11:26:41 -07:00
move_extents.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174	2019-05-30 11:26:41 -07:00
namei.c	fs/ocfs2/namei.c: remove set but not used variables	2019-09-24 15:54:07 -07:00
namei.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
ocfs1_fs_compat.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 405	2019-06-05 17:37:13 +02:00
ocfs2_fs.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 405	2019-06-05 17:37:13 +02:00
ocfs2_ioctl.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174	2019-05-30 11:26:41 -07:00
ocfs2_lockid.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
ocfs2_lockingver.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174	2019-05-30 11:26:41 -07:00
ocfs2_trace.h	ocfs2: fix the application IO timeout when fstrim is running	2019-03-05 21:07:13 -08:00
ocfs2.h	ocfs2: further debugfs cleanups	2019-09-24 15:54:07 -07:00
quota_global.c	quota: Check that quota is not dirty before release	2019-10-31 19:07:42 +01:00
quota_local.c	ocfs2: return -EROFS when filesystem becomes read-only	2018-08-17 16:20:27 -07:00
quota.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
refcounttree.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174	2019-05-30 11:26:41 -07:00
refcounttree.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174	2019-05-30 11:26:41 -07:00
reservations.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174	2019-05-30 11:26:41 -07:00
reservations.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174	2019-05-30 11:26:41 -07:00
resize.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
resize.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
slot_map.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
slot_map.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
stack_o2cb.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 286	2019-06-05 17:36:37 +02:00
stack_user.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 286	2019-06-05 17:36:37 +02:00
stackglue.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 286	2019-06-05 17:36:37 +02:00
stackglue.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 286	2019-06-05 17:36:37 +02:00
suballoc.c	jbd2: Make state lock a spinlock	2019-10-21 09:16:46 -04:00
suballoc.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
super.c	fs: Use dquot_load_quota_inode() from filesystems	2019-11-04 09:58:05 +01:00
super.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
symlink.c	vfs: remove ".readlink = generic_readlink" assignments	2016-12-09 16:45:04 +01:00
symlink.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
sysfile.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
sysfile.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
uptodate.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
uptodate.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 145	2019-05-30 11:25:18 -07:00
xattr.c	Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()"	2019-11-22 09:11:18 -08:00
xattr.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174	2019-05-30 11:26:41 -07:00