On Thu, Sep 13, 2018 at 11:35:10AM +0300, Nikolay Borisov wrote:
>In btrfs_search_old_slot get_old_root is always used with the
>assumption it cannot fail. However, this is not true in rare
>circumstance it can fail and return null. This will lead to null
>point dereference when the header is read. Fix this by checking the
>return value and properly handling NULL by setting ret to -EIO and
>returning gracefully.
>
>CID: 1087503
>Signed-off-by: Nikolay Borisov <nbori...@suse.com>
Reviewed-by: Lu Fengqi <lufq.f...@cn.fujitsu.com>
--
Thanks,
Lu
>---
> fs/btrfs/ctree.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
>diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
>index 1124d236291d..a5399fd49c17 100644
>--- a/fs/btrfs/ctree.c
>+++ b/fs/btrfs/ctree.c
>@@ -2961,6 +2961,10 @@ int btrfs_search_old_slot(struct btrfs_root *root,
>const struct btrfs_key *key,
>
> again:
> b = get_old_root(root, time_seq);
>+ if (!b) {
>+ ret = -EIO;
>+ goto done;
>+ }
> level = btrfs_header_level(b);
> p->locks[level] = BTRFS_READ_LOCK;
>
>--
>2.7.4
>
>
>
