Dan Carpenter
2013-Apr-04 06:41 UTC
[Ocfs2-devel] [patch 2/2] Ocfs2/move_extents: NULL dereference moving extents
We can't dereference "bg" before it has been assigned.

GCC should have warned about this but "bg" was initialized to NULL. I've fixed that as well.

Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
---
Static analysis stuff. Compile tested only.

diff --git a/fs/ocfs2/move_extents.c b/fs/ocfs2/move_extents.c index 995d1b4..f81d23c 100644 --- a/fs/ocfs2/move_extents.c +++ b/fs/ocfs2/move_extents.c @@ -471,7 +471,7 @@ static int ocfs2_validate_and_adjust_move_goal(struct inode *inode, int ret, goal_bit = 0; struct buffer_head *gd_bh = NULL; - struct ocfs2_group_desc *bg = NULL; + struct ocfs2_group_desc *bg; struct ocfs2_super *osb = OCFS2_SB(inode->i_sb); int c_to_b = 1 << (osb->s_clustersize_bits - inode->i_sb->s_blocksize_bits); @@ -482,13 +482,6 @@ static int ocfs2_validate_and_adjust_move_goal(struct inode *inode, range->me_goal = ocfs2_block_to_cluster_start(inode->i_sb, range->me_goal); /* - * moving goal is not allowd to start with a group desc blok(#0 blk) - * let's compromise to the latter cluster. - */ - if (range->me_goal == le64_to_cpu(bg->bg_blkno)) - range->me_goal += c_to_b; - - /* * validate goal sits within global_bitmap, and return the victim * group desc */ @@ -502,6 +495,13 @@ static int ocfs2_validate_and_adjust_move_goal(struct inode *inode, bg = (struct ocfs2_group_desc *)gd_bh->b_data; /* + * moving goal is not allowd to start with a group desc blok(#0 blk) + * let's compromise to the latter cluster. + */ + if (range->me_goal == le64_to_cpu(bg->bg_blkno)) + range->me_goal += c_to_b; + + /* * movement is not gonna cross two groups. */ if ((le16_to_cpu(bg->bg_bits) - goal_bit) * osb->s_clustersize <
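Review bot: The changelog does not say whether the build is free of uninitialized-variable warnings once `= NULL` is dropped from `bg` in the declaration hunk (-471). Removing the initializer only pays off if the compiler then checks every path, and the note under the `---` says compile tested only. Adding one sentence to the changelog confirming that every path through ocfs2_validate_and_adjust_move_goal() assigns `bg` before use would let a later reader rely on it.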
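Review bot: `goal_bit` may no longer match the goal after the move in the last hunk (+495). The `range->me_goal += c_to_b` bump now runs after the "validate goal sits within global_bitmap, and return the victim group desc" step rather than before it, and the very next check uses `goal_bit` in `(le16_to_cpu(bg->bg_bits) - goal_bit) * osb->s_clustersize`. If that validation step derives `goal_bit` from `range->me_goal` (the call is outside the visible context), the check would be working from the pre-bump position. Please confirm, and either advance `goal_bit` together with `me_goal` or note in the changelog why it is not needed. Since the comment is being moved anyway, "allowd" and "blok" could be corrected in the added copy.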
Jeff Liu
2013-Apr-04 08:21 UTC
[Ocfs2-devel] [patch 2/2] Ocfs2/move_extents: NULL dereference moving extents
On 04/04/2013 02:39 PM, Dan Carpenter wrote:
> We can't dereference "bg" before it has been assigned.
>
> GCC should have warned about this but "bg" was initialized to NULL.
> I've fixed that as well.
>
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
> ---
> Static analysis stuff. Compile tested only.
>
> diff --git a/fs/ocfs2/move_extents.c b/fs/ocfs2/move_extents.c > index 995d1b4..f81d23c 100644 > --- a/fs/ocfs2/move_extents.c > +++ b/fs/ocfs2/move_extents.c > @@ -471,7 +471,7 @@ static int ocfs2_validate_and_adjust_move_goal(struct inode *inode, > int ret, goal_bit = 0; > > struct buffer_head *gd_bh = NULL; > - struct ocfs2_group_desc *bg = NULL; > + struct ocfs2_group_desc *bg; > struct ocfs2_super *osb = OCFS2_SB(inode->i_sb); > int c_to_b = 1 << (osb->s_clustersize_bits - > inode->i_sb->s_blocksize_bits); > @@ -482,13 +482,6 @@ static int ocfs2_validate_and_adjust_move_goal(struct inode *inode, > range->me_goal = ocfs2_block_to_cluster_start(inode->i_sb, > range->me_goal); > /* > - * moving goal is not allowd to start with a group desc blok(#0 blk) > - * let's compromise to the latter cluster. > - */ > - if (range->me_goal == le64_to_cpu(bg->bg_blkno)) > - range->me_goal += c_to_b; > - > - /* > * validate goal sits within global_bitmap, and return the victim > * group desc > */
> @@ -502,6 +495,13 @@ static int ocfs2_validate_and_adjust_move_goal(struct inode *inode, > bg = (struct ocfs2_group_desc *)gd_bh->b_data; > > /* > + * moving goal is not allowd to start with a group desc blok(#0 blk) > + * let's compromise to the latter cluster. > + */ > + if (range->me_goal == le64_to_cpu(bg->bg_blkno)) > + range->me_goal += c_to_b; > + > + /* > * movement is not gonna cross two groups. > */ > if ((le16_to_cpu(bg->bg_bits) - goal_bit) * osb->s_clustersize <

Reviewed-by: Jie Liu <jeff.liu at oracle.com>

This is an obvious bug, thank you!

-Jeff