In some specific situation, the return value of __bch_btree_node_alloc may be NULL. This may lead to poential NULL pointer dereference in caller function like a calling chaion : btree_split->bch_btree_node_alloc->__bch_btree_node_alloc.
Fix it by initialize return value in __bch_btree_node_alloc before return.
Fixes: cafe56359144 ("bcache: A block layer cache") Cc: stable@vger.kernel.org Signed-off-by: Zheng Wang zyytlz.wz@163.com --- v3: - Add Cc: stable@vger.kernel.org suggested by Eric v2: - split patch v1 into two patches to make it clearer suggested by Coly Li --- drivers/md/bcache/btree.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c index 147c493a989a..cae25e74b9e0 100644 --- a/drivers/md/bcache/btree.c +++ b/drivers/md/bcache/btree.c @@ -1090,10 +1090,12 @@ struct btree *__bch_btree_node_alloc(struct cache_set *c, struct btree_op *op, struct btree *parent) { BKEY_PADDED(key) k; - struct btree *b = ERR_PTR(-EAGAIN); + struct btree *b;
mutex_lock(&c->bucket_lock); retry: + /* return ERR_PTR(-EAGAIN) when it fails */ + b = ERR_PTR(-EAGAIN); if (__bch_bucket_alloc_set(c, RESERVE_BTREE, &k.key, wait)) goto err;