Commit 03cc1e67 authored by Kent Overstreet's avatar Kent Overstreet

bcachefs: Fix null ptr deref in bch2_backpointer_get_node()

bch2_btree_iter_peek_node() can return a NULL ptr (when the tree is
shorter than the search depth); handle this with an early return.
Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
Reported-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
Fixes: https://lore.kernel.org/linux-bcachefs/5fc3c28b-c232-4ec7-b0ac-4ef220ddf976@moroto.mountain/T/Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
parent 274c2f8f
...@@ -313,17 +313,17 @@ struct btree *bch2_backpointer_get_node(struct btree_trans *trans, ...@@ -313,17 +313,17 @@ struct btree *bch2_backpointer_get_node(struct btree_trans *trans,
bp.level - 1, bp.level - 1,
0); 0);
b = bch2_btree_iter_peek_node(iter); b = bch2_btree_iter_peek_node(iter);
if (IS_ERR(b)) if (IS_ERR_OR_NULL(b))
goto err; goto err;
BUG_ON(b->c.level != bp.level - 1); BUG_ON(b->c.level != bp.level - 1);
if (b && extent_matches_bp(c, bp.btree_id, bp.level, if (extent_matches_bp(c, bp.btree_id, bp.level,
bkey_i_to_s_c(&b->key), bkey_i_to_s_c(&b->key),
bucket, bp)) bucket, bp))
return b; return b;
if (b && btree_node_will_make_reachable(b)) { if (btree_node_will_make_reachable(b)) {
b = ERR_PTR(-BCH_ERR_backpointer_to_overwritten_btree_node); b = ERR_PTR(-BCH_ERR_backpointer_to_overwritten_btree_node);
} else { } else {
backpointer_not_found(trans, bp_pos, bp, bkey_i_to_s_c(&b->key)); backpointer_not_found(trans, bp_pos, bp, bkey_i_to_s_c(&b->key));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment