Commit 2973dfdb authored by Glauber de Oliveira Costa's avatar Glauber de Oliveira Costa Committed by Linus Torvalds

[PATCH] Test for sb_getblk return value

This patch adds tests for the return value of sb_getblk() in the ext2/3
filesystems.  In fs/buffer.c it is stated that the getblk() function never
fails.  However, it does can return NULL in some situations due to I/O
errors, which may lead us to NULL pointer dereferences
Signed-off-by: default avatarGlauber de Oliveira Costa <glommer@br.ibm.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 7f04c26d
...@@ -440,6 +440,10 @@ static int ext2_alloc_branch(struct inode *inode, ...@@ -440,6 +440,10 @@ static int ext2_alloc_branch(struct inode *inode,
* the pointer to new one, then send parent to disk. * the pointer to new one, then send parent to disk.
*/ */
bh = sb_getblk(inode->i_sb, parent); bh = sb_getblk(inode->i_sb, parent);
if (!bh) {
err = -EIO;
break;
}
lock_buffer(bh); lock_buffer(bh);
memset(bh->b_data, 0, blocksize); memset(bh->b_data, 0, blocksize);
branch[n].bh = bh; branch[n].bh = bh;
......
...@@ -523,7 +523,6 @@ static int ext3_alloc_branch(handle_t *handle, struct inode *inode, ...@@ -523,7 +523,6 @@ static int ext3_alloc_branch(handle_t *handle, struct inode *inode,
if (!nr) if (!nr)
break; break;
branch[n].key = cpu_to_le32(nr); branch[n].key = cpu_to_le32(nr);
keys = n+1;
/* /*
* Get buffer_head for parent block, zero it out * Get buffer_head for parent block, zero it out
...@@ -531,6 +530,9 @@ static int ext3_alloc_branch(handle_t *handle, struct inode *inode, ...@@ -531,6 +530,9 @@ static int ext3_alloc_branch(handle_t *handle, struct inode *inode,
* parent to disk. * parent to disk.
*/ */
bh = sb_getblk(inode->i_sb, parent); bh = sb_getblk(inode->i_sb, parent);
if (!bh)
break;
keys = n+1;
branch[n].bh = bh; branch[n].bh = bh;
lock_buffer(bh); lock_buffer(bh);
BUFFER_TRACE(bh, "call get_create_access"); BUFFER_TRACE(bh, "call get_create_access");
...@@ -864,6 +866,10 @@ struct buffer_head *ext3_getblk(handle_t *handle, struct inode * inode, ...@@ -864,6 +866,10 @@ struct buffer_head *ext3_getblk(handle_t *handle, struct inode * inode,
if (!*errp && buffer_mapped(&dummy)) { if (!*errp && buffer_mapped(&dummy)) {
struct buffer_head *bh; struct buffer_head *bh;
bh = sb_getblk(inode->i_sb, dummy.b_blocknr); bh = sb_getblk(inode->i_sb, dummy.b_blocknr);
if (!bh) {
*errp = -EIO;
goto err;
}
if (buffer_new(&dummy)) { if (buffer_new(&dummy)) {
J_ASSERT(create != 0); J_ASSERT(create != 0);
J_ASSERT(handle != 0); J_ASSERT(handle != 0);
...@@ -896,6 +902,7 @@ struct buffer_head *ext3_getblk(handle_t *handle, struct inode * inode, ...@@ -896,6 +902,7 @@ struct buffer_head *ext3_getblk(handle_t *handle, struct inode * inode,
} }
return bh; return bh;
} }
err:
return NULL; return NULL;
} }
......
...@@ -118,6 +118,8 @@ static struct buffer_head *bclean(handle_t *handle, struct super_block *sb, ...@@ -118,6 +118,8 @@ static struct buffer_head *bclean(handle_t *handle, struct super_block *sb,
int err; int err;
bh = sb_getblk(sb, blk); bh = sb_getblk(sb, blk);
if (!bh)
return ERR_PTR(-EIO);
if ((err = ext3_journal_get_write_access(handle, bh))) { if ((err = ext3_journal_get_write_access(handle, bh))) {
brelse(bh); brelse(bh);
bh = ERR_PTR(err); bh = ERR_PTR(err);
...@@ -202,6 +204,10 @@ static int setup_new_group_blocks(struct super_block *sb, ...@@ -202,6 +204,10 @@ static int setup_new_group_blocks(struct super_block *sb,
ext3_debug("update backup group %#04lx (+%d)\n", block, bit); ext3_debug("update backup group %#04lx (+%d)\n", block, bit);
gdb = sb_getblk(sb, block); gdb = sb_getblk(sb, block);
if (!gdb) {
err = -EIO;
goto exit_bh;
}
if ((err = ext3_journal_get_write_access(handle, gdb))) { if ((err = ext3_journal_get_write_access(handle, gdb))) {
brelse(gdb); brelse(gdb);
goto exit_bh; goto exit_bh;
...@@ -643,6 +649,10 @@ static void update_backups(struct super_block *sb, ...@@ -643,6 +649,10 @@ static void update_backups(struct super_block *sb,
break; break;
bh = sb_getblk(sb, group * bpg + blk_off); bh = sb_getblk(sb, group * bpg + blk_off);
if (!bh) {
err = -EIO;
break;
}
ext3_debug("update metadata backup %#04lx\n", ext3_debug("update metadata backup %#04lx\n",
(unsigned long)bh->b_blocknr); (unsigned long)bh->b_blocknr);
if ((err = ext3_journal_get_write_access(handle, bh))) if ((err = ext3_journal_get_write_access(handle, bh)))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment