bcachefs: fix possible null-ptr-deref in __bch2_ec_stripe_head_get()

The function ec_new_stripe_head_alloc() returns nullptr if kzalloc()
fails. It is crucial to verify its return value before dereferencing
it to avoid a potential nullptr dereference.

Fixes: 035d72f72c91 ("bcachefs: bch2_ec_stripe_head_get() now checks for change in rw devices")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>

diff --git a/fs/bcachefs/ec.c b/fs/bcachefs/ec.c
index a0aa5bb..749dcf3 100644 (file)
--- a/fs/bcachefs/ec.c
+++ b/fs/bcachefs/ec.c
@@ -1870,6 +1870,10 @@ __bch2_ec_stripe_head_get(struct btree_trans *trans,
                }
 
        h = ec_new_stripe_head_alloc(c, disk_label, algo, redundancy, watermark);
+       if (!h) {
+               h = ERR_PTR(-BCH_ERR_ENOMEM_stripe_head_alloc);
+               goto err;
+       }
 found:
        if (h->rw_devs_change_count != c->rw_devs_change_count)
                ec_stripe_head_devs_update(c, h);

diff --git a/fs/bcachefs/errcode.h b/fs/bcachefs/errcode.h
index b6cbd71..a1bc6c7 100644 (file)
--- a/fs/bcachefs/errcode.h
+++ b/fs/bcachefs/errcode.h
@@ -83,6 +83,7 @@
        x(ENOMEM,                       ENOMEM_fs_other_alloc)                  \
        x(ENOMEM,                       ENOMEM_dev_alloc)                       \
        x(ENOMEM,                       ENOMEM_disk_accounting)                 \
+       x(ENOMEM,                       ENOMEM_stripe_head_alloc)               \
        x(ENOSPC,                       ENOSPC_disk_reservation)                \
        x(ENOSPC,                       ENOSPC_bucket_alloc)                    \
        x(ENOSPC,                       ENOSPC_disk_label_add)                  \