Commit 25b42b75 authored Nov 02, 2024 by Lizhi Xu Committed by Zeng Heng Nov 02, 2024

ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate

stable inclusion
from stable-v6.6.55
commit d52c5652e7dcb7a0648bbb8642cc3e617070ab49
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRA8
CVE: CVE-2024-49877

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d52c5652e7dcb7a0648bbb8642cc3e617070ab49

--------------------------------

commit 33b525cef4cff49e216e4133cc48452e11c0391e upstream.

When doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger
NULL pointer dereference in the following ocfs2_set_buffer_uptodate() if
bh is NULL.

Link: https://lkml.kernel.org/r/20240902023636.1843422-3-joseph.qi@linux.alibaba.com


Fixes: cf76c785 ("ocfs2: don't put and assigning null to bh allocated outside")
Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Reported-by: Heming Zhao <heming.zhao@suse.com>
Suggested-by: Heming Zhao <heming.zhao@suse.com>
Cc: <stable@vger.kernel.org>	[4.20+]
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Jun Piao <piaojun@huawei.com>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Mark Fasheh <mark@fasheh.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Zeng Heng <zengheng4@huawei.com>

parent cc5e1415

fs/ocfs2/buffer_head_io.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -390,6 +390,7 @@ int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr,
		/* Always set the buffer in the cache, even if it was
		* a forced read, or read-ahead which hasn't yet
		* completed. */
		if (bh)
		ocfs2_set_buffer_uptodate(ci, bh);
		}
		ocfs2_metadata_cache_io_unlock(ci);