
Commit 02bed83

author
Kent Overstreet
committed
bcachefs: Fix null ptr deref in twf from BCH_IOCTL_FSCK_OFFLINE
We need to initialize the stdio redirects before they're used. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
1 parent ad29cf9 commit 02bed83

3 files changed

Lines changed: 19 additions & 3 deletions


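--- a/fs/bcachefs/chardev.c
+++ b/fs/bcachefs/chardev.c
@@ -232,13 +232,15 @@ static long bch2_ioctl_fsck_offline(struct bch_ioctl_fsck_offline __user *user_a
 /* We need request_key() to be called before we punt to kthread: */
 opt_set(thr->opts, nostart, true);
 
+bch2_thread_with_stdio_init(&thr->thr, &bch2_offline_fsck_ops);
+
 thr->c = bch2_fs_open(devs.data, arg.nr_devs, thr->opts);
 
 if (!IS_ERR(thr->c) &&
 thr->c->opts.errors == BCH_ON_ERROR_panic)
 thr->c->opts.errors = BCH_ON_ERROR_ro;
 
-ret = bch2_run_thread_with_stdio(&thr->thr, &bch2_offline_fsck_ops);
+ret = __bch2_run_thread_with_stdio(&thr->thr);
 out:
 darray_for_each(devs, i)
 kfree(*i);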
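Review bot: The new `bch2_thread_with_stdio_init()` call has to stay ahead of `bch2_fs_open()`, but nothing at the call site records that ordering, so it reads as freely movable setup. Going by the commit message, the open path can already use the stdio redirects, and this function is entered from the BCH_IOCTL_FSCK_OFFLINE ioctl, so a later reshuffle would bring back a NULL dereference reachable from userspace. I would add a comment directly above the call, for example `/* Must precede bch2_fs_open(): the stdio redirects may be used during open */`. The function body starts and ends outside the hunk, so the earlier `goto out` paths cannot be checked from here.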

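--- a/fs/bcachefs/thread_with_file.c
+++ b/fs/bcachefs/thread_with_file.c
@@ -294,16 +294,27 @@ static int thread_with_stdio_fn(void *arg)
 return 0;
 }
 
-int bch2_run_thread_with_stdio(struct thread_with_stdio *thr,
-const struct thread_with_stdio_ops *ops)
+void bch2_thread_with_stdio_init(struct thread_with_stdio *thr,
+const struct thread_with_stdio_ops *ops)
 {
 stdio_buf_init(&thr->stdio.input);
 stdio_buf_init(&thr->stdio.output);
 thr->ops = ops;
+}
 
+int __bch2_run_thread_with_stdio(struct thread_with_stdio *thr)
+{
 return bch2_run_thread_with_file(&thr->thr, &thread_with_stdio_fops, thread_with_stdio_fn);
 }
 
+int bch2_run_thread_with_stdio(struct thread_with_stdio *thr,
+const struct thread_with_stdio_ops *ops)
+{
+bch2_thread_with_stdio_init(thr, ops);
+
+return __bch2_run_thread_with_stdio(thr);
+}
+
 int bch2_run_thread_with_stdout(struct thread_with_stdio *thr,
 const struct thread_with_stdio_ops *ops)
 {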
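Review bot: `__bch2_run_thread_with_stdio()` now depends on `bch2_thread_with_stdio_init()` having run first, and neither its definition nor its name states that precondition. A caller that skips the init would start the thread with `thr->ops` unset and the stdio buffers uninitialized, which is the same class of fault this commit fixes. A short comment above the definition saying callers must call `bch2_thread_with_stdio_init()` first would document it; if the struct is always zero-allocated (not visible here), a guard such as `if (WARN_ON_ONCE(!thr->ops)) return -EINVAL;` at the top would turn misuse into a clean error. `bch2_run_thread_with_stdout()` continues past the end of the hunk, so whether it should share the new init helper cannot be judged from here.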

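--- a/fs/bcachefs/thread_with_file.h
+++ b/fs/bcachefs/thread_with_file.h
@@ -63,6 +63,9 @@ struct thread_with_stdio {
 const struct thread_with_stdio_ops *ops;
 };
 
+void bch2_thread_with_stdio_init(struct thread_with_stdio *,
+const struct thread_with_stdio_ops *);
+int __bch2_run_thread_with_stdio(struct thread_with_stdio *);
 int bch2_run_thread_with_stdio(struct thread_with_stdio *,
 const struct thread_with_stdio_ops *);
 int bch2_run_thread_with_stdout(struct thread_with_stdio *,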
