Message ID | 20191019155556.3174231-1-alexander.sverdlin@gmail.com
---|---
State | New
Delegated to | David Woodhouse
Series | Revert "jffs2: Fix possible null-pointer dereferences in jffs2_add_frag_to_fragtree()"
----- Original Message -----
> From: "Alexander Sverdlin" <alexander.sverdlin@gmail.com>
> To: "linux-mtd" <linux-mtd@lists.infradead.org>
> CC: "Alexander Sverdlin" <alexander.sverdlin@gmail.com>, "David Woodhouse" <dwmw2@infradead.org>, "richard" <richard@nod.at>, "Jia-Ju Bai" <baijiaju1990@gmail.com>
> Sent: Saturday, 19 October 2019 17:55:56
> Subject: [PATCH] Revert "jffs2: Fix possible null-pointer dereferences in jffs2_add_frag_to_fragtree()"
>
> This reverts commit f2538f999345405f7d2e1194c0c8efa4e11f7b3a.
>
> Looks like NULL this is never dereferenced in reality because the function
> returns earlier with "return no_overlapping_node(...)".

Indeed. ;-\

Jia-Ju Bai, the issue your tool found seems to be a false positive, so I'll take this revert.

Thanks,
//richard
diff --git a/fs/jffs2/nodelist.c b/fs/jffs2/nodelist.c index 021a4a2190ee..b86c78d178c6 100644 --- a/fs/jffs2/nodelist.c +++ b/fs/jffs2/nodelist.c @@ -226,7 +226,7 @@ static int jffs2_add_frag_to_fragtree(struct jffs2_sb_info *c, struct rb_root *r lastend = this->ofs + this->size; } else { dbg_fragtree2("lookup gave no frag\n"); - return -EINVAL; + lastend = 0; } /* See if we ran off the end of the fragtree */
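Review bot: the restored `lastend = 0;` in the "lookup gave no frag" branch is the path taken whenever the lookup finds nothing in the fragtree, which is the normal case for an inode whose tree is still empty, so the reverted `return -EINVAL;` made jffs2_add_frag_to_fragtree() fail for ordinary inodes (the -22 in the log quoted in the commit message is -EINVAL) rather than only for a corrupt tree. Since the reverted change came from a static-analysis report, consider adding a one-line comment at this else branch noting that a NULL `this` is handled by the later `return no_overlapping_node(...)` before any dereference, so the same tool does not flag this spot again.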
This reverts commit f2538f999345405f7d2e1194c0c8efa4e11f7b3a.

Looks like NULL this is never dereferenced in reality because the function
returns earlier with "return no_overlapping_node(...)".

That's how mounting a fully normal JFFS2 as rootfs looks after the patch:

Run /sbin/init as init process
jffs2: error: (1) jffs2_build_inode_fragtree: Add node to tree failed -22
jffs2: error: (1) jffs2_do_read_inode_internal: Failed to build final fragtree for inode #14: error -22
jffs2: iget() failed for ino #14
jffs2: error: (36) jffs2_build_inode_fragtree: Add node to tree failed -22
Starting init: /sbin/init exists but couldn't execute it (error -22)
Run /etc/init as init process
Run /bin/init as init process
jffs2: error: (1) jffs2_build_inode_fragtree: Add node to tree failed -22
jffs2: error: (1) jffs2_do_read_inode_internal: Failed to build final fragtree for inode #2: error -22
jffs2: iget() failed for ino #2
Starting init: /bin/init exists but couldn't execute it (error -22)
Run /bin/sh as init process
jffs2: error: (1) jffs2_build_inode_fragtree: Add node to tree failed -22
jffs2: error: (1) jffs2_do_read_inode_internal: Failed to build final fragtree for inode #2: error -22
jffs2: iget() failed for ino #2
Starting init: /bin/sh exists but couldn't execute it (error -22)
jffs2: error: (36) jffs2_do_read_inode_internal: Failed to build final fragtree for inode #128: error -22
Kernel panic - not syncing: No working init found. Try passing init= option to kernel. See Linux Documentation/admin-guide/init.rst for guidance.

Fixes: f2538f99934 ("jffs2: Fix possible null-pointer dereferences in jffs2_add_frag_to_fragtree()")
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
---
 fs/jffs2/nodelist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)