* [patch] nfsd: fix NULL dereference in setattr()
@ 2010-10-27 21:19 Dan Carpenter
2010-10-27 21:50 ` J. Bruce Fields
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2010-10-27 21:19 UTC (permalink / raw)
To: J. Bruce Fields; +Cc: Neil Brown, linux-nfs, kernel-janitors
The original code would oops if this were called from nfsd4_setattr()
because "filpp" is NULL.
Signed-off-by: Dan Carpenter <error27@gmail.com>
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 9019e8e..e044d04 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -3083,9 +3083,10 @@ nfs4_preprocess_stateid_op(struct nfsd4_compound_state *cstate,
if (status)
goto out;
renew_client(dp->dl_client);
- if (filpp)
+ if (filpp) {
*filpp = find_readable_file(dp->dl_file);
- BUG_ON(!*filpp);
+ BUG_ON(!*filpp);
+ }
} else { /* open or lock stateid */
stp = find_stateid(stateid, flags);
if (!stp)
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [patch] nfsd: fix NULL dereference in setattr()
2010-10-27 21:19 [patch] nfsd: fix NULL dereference in setattr() Dan Carpenter
@ 2010-10-27 21:50 ` J. Bruce Fields
2010-10-27 22:20 ` Dan Carpenter
0 siblings, 1 reply; 3+ messages in thread
From: J. Bruce Fields @ 2010-10-27 21:50 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Neil Brown, linux-nfs, kernel-janitors
On Wed, Oct 27, 2010 at 11:19:04PM +0200, Dan Carpenter wrote:
> The original code would oops if this were called from nfsd4_setattr()
> because "filpp" is NULL.
I believe it's impossible to reach this case: we never give out write
delegations, so the preceding nfs4_check_delegmode will always fail when
called from setattr.
We should do this anyway, but I'll probably queue it up for the next
merge window.
--b.
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
>
> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> index 9019e8e..e044d04 100644
> --- a/fs/nfsd/nfs4state.c
> +++ b/fs/nfsd/nfs4state.c
> @@ -3083,9 +3083,10 @@ nfs4_preprocess_stateid_op(struct nfsd4_compound_state *cstate,
> if (status)
> goto out;
> renew_client(dp->dl_client);
> - if (filpp)
> + if (filpp) {
> *filpp = find_readable_file(dp->dl_file);
> - BUG_ON(!*filpp);
> + BUG_ON(!*filpp);
> + }
> } else { /* open or lock stateid */
> stp = find_stateid(stateid, flags);
> if (!stp)
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [patch] nfsd: fix NULL dereference in setattr()
2010-10-27 21:50 ` J. Bruce Fields
@ 2010-10-27 22:20 ` Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2010-10-27 22:20 UTC (permalink / raw)
To: J. Bruce Fields; +Cc: Neil Brown, linux-nfs, kernel-janitors
On Wed, Oct 27, 2010 at 05:50:25PM -0400, J. Bruce Fields wrote:
> On Wed, Oct 27, 2010 at 11:19:04PM +0200, Dan Carpenter wrote:
> > The original code would oops if this were called from nfsd4_setattr()
> > because "filpp" is NULL.
>
> I believe it's impossible to reach this case: we never give out write
> delegations, so the preceding nfs4_check_delegmode will always fail when
> called from setattr.
>
> We should do this anyway, but I'll probably queue it up for the next
> merge window.
Sounds good. This was a static checker patch not a run time bug (as
you obviously realized).
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-10-27 22:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-10-27 21:19 [patch] nfsd: fix NULL dereference in setattr() Dan Carpenter
2010-10-27 21:50 ` J. Bruce Fields
2010-10-27 22:20 ` Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).