diff options
author | Glauber de Oliveira Costa <glommer@br.ibm.com> | 2005-10-31 00:03:05 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-10-31 02:37:26 +0100 |
commit | 2973dfdb877c17b36c27ba66d71028ff1eb2f32e (patch) | |
tree | 9734599068f3fcf7cd33f948235588f7a275d193 | |
parent | [PATCH] fix nr_unused accounting, and avoid recursing in iput with I_WILL_FRE... (diff) | |
download | linux-2973dfdb877c17b36c27ba66d71028ff1eb2f32e.tar.xz linux-2973dfdb877c17b36c27ba66d71028ff1eb2f32e.zip |
[PATCH] Test for sb_getblk return value
This patch adds tests for the return value of sb_getblk() in the ext2/3
filesystems. In fs/buffer.c it is stated that the getblk() function never
fails. However, it does can return NULL in some situations due to I/O
errors, which may lead us to NULL pointer dereferences
Signed-off-by: Glauber de Oliveira Costa <glommer@br.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | fs/ext2/inode.c | 4 | ||||
-rw-r--r-- | fs/ext3/inode.c | 9 | ||||
-rw-r--r-- | fs/ext3/resize.c | 10 |
3 files changed, 22 insertions, 1 deletions
diff --git a/fs/ext2/inode.c b/fs/ext2/inode.c index fdba4d1d3c60..e7d3f0522d01 100644 --- a/fs/ext2/inode.c +++ b/fs/ext2/inode.c @@ -440,6 +440,10 @@ static int ext2_alloc_branch(struct inode *inode, * the pointer to new one, then send parent to disk. */ bh = sb_getblk(inode->i_sb, parent); + if (!bh) { + err = -EIO; + break; + } lock_buffer(bh); memset(bh->b_data, 0, blocksize); branch[n].bh = bh; diff --git a/fs/ext3/inode.c b/fs/ext3/inode.c index b5da5244e144..5d9b00e28837 100644 --- a/fs/ext3/inode.c +++ b/fs/ext3/inode.c @@ -523,7 +523,6 @@ static int ext3_alloc_branch(handle_t *handle, struct inode *inode, if (!nr) break; branch[n].key = cpu_to_le32(nr); - keys = n+1; /* * Get buffer_head for parent block, zero it out @@ -531,6 +530,9 @@ static int ext3_alloc_branch(handle_t *handle, struct inode *inode, * parent to disk. */ bh = sb_getblk(inode->i_sb, parent); + if (!bh) + break; + keys = n+1; branch[n].bh = bh; lock_buffer(bh); BUFFER_TRACE(bh, "call get_create_access"); @@ -864,6 +866,10 @@ struct buffer_head *ext3_getblk(handle_t *handle, struct inode * inode, if (!*errp && buffer_mapped(&dummy)) { struct buffer_head *bh; bh = sb_getblk(inode->i_sb, dummy.b_blocknr); + if (!bh) { + *errp = -EIO; + goto err; + } if (buffer_new(&dummy)) { J_ASSERT(create != 0); J_ASSERT(handle != 0); @@ -896,6 +902,7 @@ struct buffer_head *ext3_getblk(handle_t *handle, struct inode * inode, } return bh; } +err: return NULL; } diff --git a/fs/ext3/resize.c b/fs/ext3/resize.c index 57f79106267d..1be78b4b4de9 100644 --- a/fs/ext3/resize.c +++ b/fs/ext3/resize.c @@ -118,6 +118,8 @@ static struct buffer_head *bclean(handle_t *handle, struct super_block *sb, int err; bh = sb_getblk(sb, blk); + if (!bh) + return ERR_PTR(-EIO); if ((err = ext3_journal_get_write_access(handle, bh))) { brelse(bh); bh = ERR_PTR(err); @@ -202,6 +204,10 @@ static int setup_new_group_blocks(struct super_block *sb, ext3_debug("update backup group %#04lx (+%d)\n", block, bit); gdb = sb_getblk(sb, block); + if (!gdb) { + err = -EIO; + goto exit_bh; + } if ((err = ext3_journal_get_write_access(handle, gdb))) { brelse(gdb); goto exit_bh; @@ -643,6 +649,10 @@ static void update_backups(struct super_block *sb, break; bh = sb_getblk(sb, group * bpg + blk_off); + if (!bh) { + err = -EIO; + break; + } ext3_debug("update metadata backup %#04lx\n", (unsigned long)bh->b_blocknr); if ((err = ext3_journal_get_write_access(handle, bh))) |