diff options
| author | Diogo Jahchan Koike <djahchankoike@gmail.com> | 2024-09-10 18:18:34 -0300 |
|---|---|---|
| committer | Kent Overstreet <kent.overstreet@linux.dev> | 2024-09-21 11:39:49 -0400 |
| commit | 025c55a4c7f11ea38521c6e797f3192ad8768c93 (patch) | |
| tree | b9debe4e9e97622cedf7a699ae08dd98b48f0dca /fs/bcachefs | |
| parent | abb43dd677f3c5508dc369a61f82f89a8b16b811 (diff) | |
| download | linux-025c55a4c7f11ea38521c6e797f3192ad8768c93.tar.gz linux-025c55a4c7f11ea38521c6e797f3192ad8768c93.tar.bz2 linux-025c55a4c7f11ea38521c6e797f3192ad8768c93.zip | |
bcachefs: return err ptr instead of null in read sb clean
syzbot reported a null-ptr-deref in bch2_fs_start. [0]
When a sb is marked clear but doesn't have a clean section
bch2_read_superblock_clean returns NULL which PTR_ERR_OR_ZERO
lets through, eventually leading to a null ptr dereference down
the line. Adjust read sb clean to return an ERR_PTR indicating the
invalid clean section.
[0] https://syzkaller.appspot.com/bug?extid=1cecc37d87c4286e5543
Reported-by: syzbot+1cecc37d87c4286e5543@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=1cecc37d87c4286e5543
Signed-off-by: Diogo Jahchan Koike <djahchankoike@gmail.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
Diffstat (limited to 'fs/bcachefs')
| -rw-r--r-- | fs/bcachefs/sb-clean.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/bcachefs/sb-clean.c b/fs/bcachefs/sb-clean.c index c57d42bb8d1b..025848a9c4c0 100644 --- a/fs/bcachefs/sb-clean.c +++ b/fs/bcachefs/sb-clean.c @@ -155,7 +155,7 @@ struct bch_sb_field_clean *bch2_read_superblock_clean(struct bch_fs *c) SET_BCH_SB_CLEAN(c->disk_sb.sb, false); c->sb.clean = false; mutex_unlock(&c->sb_lock); - return NULL; + return ERR_PTR(-BCH_ERR_invalid_sb_clean); } clean = kmemdup(sb_clean, vstruct_bytes(&sb_clean->field), |