Commit 64193129 authored Feb 26, 2025 by pangliyuan Committed by Wang Zhaolong Feb 26, 2025

ubifs: skip dumping tnc tree when zroot is null

mainline inclusion
from mainline-v6.14-rc1
commit bdb0ca39e0acccf6771db49c3f94ed787d05f2d7
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBP1QB
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bdb0ca39e0acccf6771db49c3f94ed787d05f2d7

--------------------------------

Clearing slab cache will free all znode in memory and make
c->zroot.znode = NULL, then dumping tnc tree will access
c->zroot.znode which cause null pointer dereference.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=219624#c0


Fixes: 1e51764a ("UBIFS: add new flash file system")
Signed-off-by: pangliyuan <pangliyuan1@huawei.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Wang Zhaolong <wangzhaolong1@huawei.com>

parent 09176f76

fs/ubifs/debug.c

+13 −9

Original line number	Diff line number	Diff line
		@@ -946,6 +946,7 @@ void ubifs_dump_tnc(struct ubifs_info *c)

		pr_err("\n");
		pr_err("(pid %d) start dumping TNC tree\n", current->pid);
		if (c->zroot.znode) {
		znode = ubifs_tnc_levelorder_next(c, c->zroot.znode, NULL);
		level = znode->level;
		pr_err("== Level %d ==\n", level);
		@@ -957,6 +958,9 @@ void ubifs_dump_tnc(struct ubifs_info *c)
		ubifs_dump_znode(c, znode);
		znode = ubifs_tnc_levelorder_next(c, c->zroot.znode, znode);
		}
		} else {
		pr_err("empty TNC tree in memory\n");
		}
		pr_err("(pid %d) finish dumping TNC tree\n", current->pid);
		}