bcache: check return value from btree_node_alloc_replacement()
authorColy Li <colyli@suse.de>
Mon, 20 Nov 2023 05:24:55 +0000 (13:24 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 3 Dec 2023 06:32:12 +0000 (07:32 +0100)
commit 777967e7e9f6f5f3e153abffb562bffaf4430d26 upstream.

In btree_gc_rewrite_node(), pointer 'n' is not checked after it returns
from btree_gc_rewrite_node(). There is potential possibility that 'n' is
a non NULL ERR_PTR(), referencing such error code is not permitted in
following code. Therefore a return value checking is necessary after 'n'
is back from btree_node_alloc_replacement().

Signed-off-by: Coly Li <colyli@suse.de>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20231120052503.6122-3-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/md/bcache/btree.c

index 119f64c83a4fd336e468b63676d87d9d0748d224..4d3595d6d1c4070e928399536360f6291085c8d1 100644 (file)
@@ -1506,6 +1506,8 @@ static int btree_gc_rewrite_node(struct btree *b, struct btree_op *op,
                return 0;
 
        n = btree_node_alloc_replacement(replace, NULL);
+       if (IS_ERR(n))
+               return 0;
 
        /* recheck reserve after allocating replacement node */
        if (btree_check_reserve(b, NULL)) {