diff mbox series

[3/3] NFSD fixing possible null pointer derefering in copy offload

Message ID 20191204201354.17557-4-olga.kornievskaia@gmail.com (mailing list archive)
State New, archived
Headers show
Series NFSD copy offload fixes | expand

Commit Message

Olga Kornievskaia Dec. 4, 2019, 8:13 p.m. UTC 
Static checker revealed possible error path leading to possible
NULL pointer dereferencing.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: e0639dc5805a: ("NFSD introduce async copy feature")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
---
 fs/nfsd/nfs4proc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 187cef6..d33c39c 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1446,7 +1446,8 @@  static void cleanup_async_copy(struct nfsd4_copy *copy)
 {
 	nfs4_free_copy_state(copy);
 	nfsd_file_put(copy->nf_dst);
-	nfsd_file_put(copy->nf_src);
+	if (copy->cp_intra)
+		nfsd_file_put(copy->nf_src);
 	spin_lock(&copy->cp_clp->async_lock);
 	list_del(&copy->copies);
 	spin_unlock(&copy->cp_clp->async_lock);
@@ -1551,7 +1552,8 @@  static int nfsd4_do_async_copy(void *data)
 out:
 	return status;
 out_err:
-	cleanup_async_copy(async_copy);
+	if (async_copy)
+		cleanup_async_copy(async_copy);
 	status = nfserrno(-ENOMEM);
 	if (!copy->cp_intra)
 		nfsd4_interssc_disconnect(copy->ss_mnt);