diff mbox series

[next] btrfs: selftests: prevent error pointer dereference in merge_tests()

Message ID 85027056-1008-4beb-addb-0bde7ca1b0f0@stanley.mountain (mailing list archive)
State New
Headers show
Series [next] btrfs: selftests: prevent error pointer dereference in merge_tests() | expand

Commit Message

Dan Carpenter Dec. 6, 2024, 12:26 p.m. UTC 
Passing an error pointer to btrfs_unselect_ref_head() will cause an
Oops so change the error checking from a NULL check to a
!IS_ERR_OR_NULL(head) check.

The error pointer comes from btrfs_select_ref_head().  If we
successfully select the head, then we have to unselect it.  The select
function is called six times and five of them change the error pointers
to NULL, but one call was accidentally missed.

Fixes: fa3dda44871b ("btrfs: selftests: add delayed ref self test cases")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 fs/btrfs/tests/delayed-refs-tests.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

Comments

David Sterba Dec. 6, 2024, 7:35 p.m. UTC | #1 
On Fri, Dec 06, 2024 at 03:26:14PM +0300, Dan Carpenter wrote:
> Passing an error pointer to btrfs_unselect_ref_head() will cause an
> Oops so change the error checking from a NULL check to a
> !IS_ERR_OR_NULL(head) check.
> 
> The error pointer comes from btrfs_select_ref_head().  If we
> successfully select the head, then we have to unselect it.  The select
> function is called six times and five of them change the error pointers
> to NULL, but one call was accidentally missed.
> 
> Fixes: fa3dda44871b ("btrfs: selftests: add delayed ref self test cases")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>

Thanks, as the fixed patch is still in the development queue I've folded
it there.
diff mbox series

Patch

diff --git a/fs/btrfs/tests/delayed-refs-tests.c b/fs/btrfs/tests/delayed-refs-tests.c
index 9b469791c20a..f9b5c4f07a6a 100644
--- a/fs/btrfs/tests/delayed-refs-tests.c
+++ b/fs/btrfs/tests/delayed-refs-tests.c
@@ -406,7 +406,6 @@  static int merge_tests(struct btrfs_trans_handle *trans,
 				 PTR_ERR(head));
 		else
 			test_err("failed to find delayed ref head");
-		head = NULL;
 		goto out;
 	}
 
@@ -457,7 +456,6 @@  static int merge_tests(struct btrfs_trans_handle *trans,
 				 PTR_ERR(head));
 		else
 			test_err("failed to find delayed ref head");
-		head = NULL;
 		goto out;
 	}
 
@@ -590,7 +588,6 @@  static int merge_tests(struct btrfs_trans_handle *trans,
 				 PTR_ERR(head));
 		else
 			test_err("failed to find delayed ref head");
-		head = NULL;
 		ret = -EINVAL;
 		goto out;
 	}
@@ -662,7 +659,6 @@  static int merge_tests(struct btrfs_trans_handle *trans,
 		else
 			test_err("failed to find delayed ref head");
 		ret = -EINVAL;
-		head = NULL;
 		goto out;
 	}
 
@@ -747,7 +743,6 @@  static int merge_tests(struct btrfs_trans_handle *trans,
 				 PTR_ERR(head));
 		else
 			test_err("failed to find delayed ref head");
-		head = NULL;
 		ret = -EINVAL;
 		goto out;
 	}
@@ -769,7 +764,7 @@  static int merge_tests(struct btrfs_trans_handle *trans,
 	}
 	ret = 0;
 out:
-	if (head)
+	if (!IS_ERR_OR_NULL(head))
 		btrfs_unselect_ref_head(&trans->transaction->delayed_refs, head);
 	btrfs_destroy_delayed_refs(trans->transaction);
 	return ret;