From: Prince Kumar Maurya <princekumarmaurya06@gmail.com>
Date: Wed, 31 May 2023 01:31:41 +0000 (-0700)
Subject: fs/sysv: Null check to prevent null-ptr-deref bug
X-Git-Tag: v6.6.7~2619^2~16
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ea2b62f305893992156a798f665847e0663c9f41;p=platform%2Fkernel%2Flinux-starfive.git

fs/sysv: Null check to prevent null-ptr-deref bug

sb_getblk(inode->i_sb, parent) return a null ptr and taking lock on
that leads to the null-ptr-deref bug.

Reported-by: syzbot+aad58150cbc64ba41bdc@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=aad58150cbc64ba41bdc
Signed-off-by: Prince Kumar Maurya <princekumarmaurya06@gmail.com>
Message-Id: <20230531013141.19487-1-princekumarmaurya06@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
---

diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c
index b22764f..58d7f43 100644
--- a/fs/sysv/itree.c
+++ b/fs/sysv/itree.c
@@ -145,6 +145,10 @@ static int alloc_branch(struct inode *inode,
 		 */
 		parent = block_to_cpu(SYSV_SB(inode->i_sb), branch[n-1].key);
 		bh = sb_getblk(inode->i_sb, parent);
+		if (!bh) {
+			sysv_free_block(inode->i_sb, branch[n].key);
+			break;
+		}
 		lock_buffer(bh);
 		memset(bh->b_data, 0, blocksize);
 		branch[n].bh = bh;