| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Jun 2021 09:21:46 +0800
From: Zhihao Cheng <chengzhihao1@...wei.com>
To: <richard@....at>
CC: <linux-mtd@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
<dan.carpenter@...cle.com>, <chengzhihao1@...wei.com>,
<yukuai3@...wei.com>
Subject: [PATCH -next] ubifs: ubifs_gc_start_commit: Fix error check for lp pointer
Treating the NULL pointer returned from ubifs_fast_find_frdi_idx() as
ENOMEM will make ubifs_gc_start_commit() fails, which could make ubifs
read-only. Actually a returned NULL pointer is the termination
condition in while-loop in ubifs_gc_start_commit().
Fixes: c770cd5190ba ("ubifs: fix an IS_ERR() vs NULL check")
Reported-by: Colin Ian King <colin.king@...onical.com>
Signed-off-by: Zhihao Cheng <chengzhihao1@...wei.com>
---
fs/ubifs/gc.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/fs/ubifs/gc.c b/fs/ubifs/gc.c
index 7cc22d7317ea..b1f276599b04 100644
--- a/fs/ubifs/gc.c
+++ b/fs/ubifs/gc.c
@@ -895,10 +895,6 @@ int ubifs_gc_start_commit(struct ubifs_info *c)
/* Record index freeable LEBs for unmapping after commit */
while (1) {
lp = ubifs_fast_find_frdi_idx(c);
- if (!lp) {
- err = -ENOMEM;
- goto out;
- }
if (!lp)
break;
idx_gc = kmalloc(sizeof(struct ubifs_gced_idx_leb), GFP_NOFS);
--
2.31.1
Powered by blists - more mailing lists