btrfs: handle error of get_old_root

[ Upstream commit 315bed43fea532650933e7bba316a7601d439edf ] In btrfs_search_old_slot get_old_root is always used with the assumption it cannot fail. However, this is not true in rare circumstance it can fail and return null. This will lead to null point dereference when the header is read. Fix this by checking the return value and properly handling NULL by setting ret to -EIO and returning gracefully. Coverity-id: 1087503 Signed-off-by: Nikolay Borisov <nborisov@suse.com> Reviewed-by: Lu Fengqi <lufq.fnst@cn.fujitsu.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Nikolay Borisov <nborisov@suse.com> 2018-09-13 11:35:10 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-11-28 18:28:21 +0100
commit: 56af2416cbe59428beb0e9a010021362f856ada5 (patch)
tree: 791158a6adbbc97aba592ab1c92d50c00e4c1a39 /fs/btrfs
parent: 8fe3143ff59c6cd59f380fc59e2f691c02422e27 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 3df434eb1474..3faccbf35e9f 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -2973,6 +2973,10 @@ int btrfs_search_old_slot(struct btrfs_root *root, struct btrfs_key *key,
 
 again:
 	b = get_old_root(root, time_seq);
+	if (!b) {
+		ret = -EIO;
+		goto done;
+	}
 	level = btrfs_header_level(b);
 	p->locks[level] = BTRFS_READ_LOCK;
author	Nikolay Borisov <nborisov@suse.com>	2018-09-13 11:35:10 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-11-28 18:28:21 +0100
commit	56af2416cbe59428beb0e9a010021362f856ada5 (patch)
tree	791158a6adbbc97aba592ab1c92d50c00e4c1a39 /fs/btrfs
parent	8fe3143ff59c6cd59f380fc59e2f691c02422e27 (diff)