The error path of xfs_attr_leaf_hasname() can leave a NULL xfs_buf pointer. xfs_has_attr() checks for the NULL pointer but the other callers do not.

We tripped over the NULL pointer in xfs_attr_leaf_get() but fix the other callers too.

Fixes v5.8-rc4-95-g07120f1abdff ("xfs: Add xfs_has_attr and subroutines") No reproducer.

Cc: stable@vger.kernel.org # v5.19+ with another port for v5.9 - v5.18 Signed-off-by: Mark Tinguely mark.tinguely@oracle.com --- fs/xfs/libxfs/xfs_attr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 8c04acd30d48..25e2ecf20d14 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -1266,7 +1266,8 @@ xfs_attr_leaf_removename(

error = xfs_attr_leaf_hasname(args, &bp); if (error == -ENOATTR) { - xfs_trans_brelse(args->trans, bp); + if (bp) + xfs_trans_brelse(args->trans, bp); if (args->op_flags & XFS_DA_OP_RECOVERY) return 0; return error; @@ -1305,7 +1306,8 @@ xfs_attr_leaf_get(xfs_da_args_t *args) error = xfs_attr_leaf_hasname(args, &bp);

if (error == -ENOATTR) { - xfs_trans_brelse(args->trans, bp); + if (bp) + xfs_trans_brelse(args->trans, bp); return error; } else if (error != -EEXIST) return error;