Skip to content

Commit

Permalink
ocfs2: fix null pointer dereference in ocfs2_dir_foreach_blk_id()
Browse files Browse the repository at this point in the history 
Fix a NULL pointer deference while removing an empty directory, which
was introduced by commit 3704412 ("[readdir] convert ocfs2").

  BUG: unable to handle kernel NULL pointer dereference at (null)
  IP: [<(null)>]           (null)
  PGD 6da85067 PUD 6da89067 PMD 0
  Oops: 0010 [#1] SMP
  CPU: 0 PID: 6564 Comm: rmdir Tainted: G           O 3.11.0-rc1 #4
  RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
  Call Trace:
    ocfs2_dir_foreach+0x49/0x50 [ocfs2]
    ocfs2_empty_dir+0x12c/0x3e0 [ocfs2]
    ocfs2_unlink+0x56e/0xc10 [ocfs2]
    vfs_rmdir+0xd5/0x140
    do_rmdir+0x1cb/0x1e0
    SyS_rmdir+0x16/0x20
    system_call_fastpath+0x16/0x1b
  Code:  Bad RIP value.
  RIP  [<          (null)>]           (null)
  RSP <ffff88006daddc10>
  CR2: 0000000000000000

[[email protected]: fix pointer math]
Signed-off-by: Jie Liu <[email protected]>
Reported-by: David Weber <[email protected]>
Cc: Al Viro <[email protected]>
Cc: Joel Becker <[email protected]>
Cc: Mark Fasheh <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
  • Loading branch information
@pibroch @torvalds
pibroch authored and torvalds committed Aug 14, 2013
1 parent df54d6f commit d6394b5
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions fs/ocfs2/dir.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2153,11 +2153,9 @@ int ocfs2_empty_dir(struct inode *inode)
{
int ret;
struct ocfs2_empty_dir_priv priv = {
.ctx.actor = ocfs2_empty_dir_filldir
.ctx.actor = ocfs2_empty_dir_filldir,
};

memset(&priv, 0, sizeof(priv));

if (ocfs2_dir_indexed(inode)) {
ret = ocfs2_empty_dir_dx(inode, &priv);
if (ret)
Expand Down

0 comments on commit d6394b5

Please sign in to comment.