From patchwork Wed Dec 4 20:13:54 2019
X-Patchwork-Submitter: Olga Kornievskaia
X-Patchwork-Id: 11273521
From: Olga Kornievskaia
To: bfields@redhat.com
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH 3/3] NFSD fixing possible null pointer derefering in copy offload
Date: Wed, 4 Dec 2019 15:13:54 -0500
Message-Id: <20191204201354.17557-4-olga.kornievskaia@gmail.com>
In-Reply-To: <20191204201354.17557-1-olga.kornievskaia@gmail.com>
References: <20191204201354.17557-1-olga.kornievskaia@gmail.com>

Static checker revealed possible error path leading to possible NULL pointer dereferencing.

Reported-by: Dan Carpenter
Fixes: e0639dc5805a: ("NFSD introduce async copy feature")
Signed-off-by: Olga Kornievskaia
--- fs/nfsd/nfs4proc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 187cef6..d33c39c 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c 
@@ -1446,7 +1446,8 @@ static void cleanup_async_copy(struct nfsd4_copy *copy) { nfs4_free_copy_state(copy); nfsd_file_put(copy->nf_dst); - nfsd_file_put(copy->nf_src); + if (copy->cp_intra) + nfsd_file_put(copy->nf_src); spin_lock(©->cp_clp->async_lock); list_del(©->copies); spin_unlock(©->cp_clp->async_lock); @@ -1551,7 +1552,8 @@ static int nfsd4_do_async_copy(void *data) out: return status; out_err: - cleanup_async_copy(async_copy); + if (async_copy) + cleanup_async_copy(async_copy); status = nfserrno(-ENOMEM); if (!copy->cp_intra) nfsd4_interssc_disconnect(copy->ss_mnt);
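Review bot: In the first hunk (cleanup_async_copy), the new guard tests copy->cp_intra rather than copy->nf_src, so it is only correct if nf_src is always held for intra-server copies and never held for inter-server ones, and neither the code nor the commit message states that. Add a short comment above "if (copy->cp_intra)" recording the invariant, or test the pointer itself so the check cannot drift from the place where nf_src is acquired.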
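Review bot: In the second hunk, at out_err, the "if (async_copy)" check covers only the case where async_copy was never allocated; a non-NULL but partly initialised async_copy still enters cleanup_async_copy(), which puts copy->nf_dst unconditionally and does list_del() on copy->copies under async_lock. Please confirm that every goto out_err taken after the allocation happens with nf_dst assigned and the copy already linked on the client's list, or split the label so the allocation-failure path skips cleanup entirely. It would also help if the commit message named which jump the static checker flagged.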