[Devel] [PATCH RHEL7 COMMIT] fs/fuse kio_pcs: fix NULL pointer dereference inside a dead map

Konstantin Khorenko khorenko at virtuozzo.com
Fri Jul 13 15:28:41 MSK 2018 

The commit is pushed to "branch-rh7-3.10.0-862.6.3.vz7.62.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-862.6.3.vz7.62.3
------>
commit efe4c8aa2739b381655e0d95a97b7937a3712b42
Author: Pavel Butsykin <pbutsykin at virtuozzo.com>
Date:   Fri Jul 13 15:28:40 2018 +0300

    fs/fuse kio_pcs: fix NULL pointer dereference inside a dead map
    
    Following this patch:
     commit 9b7aca26400412c1881ee3dab03c8abf554934e3
     Author: Kirill Tkhai <ktkhai at virtuozzo.com>
     Date:   Tue Jul 10 19:16:36 2018 +0300
    
        fuse kio: Fix NULL pointer dereference in pcs_map_get_locked()
    
        MAP_ARGS() contains reference to struct pcs_map_entry::mapping,
        which can be NULL in case of map dead.
    
    Let's fix NULL pointer dereference in two other similar places.
    
    Signed-off-by: Pavel Butsykin <pbutsykin at virtuozzo.com>
    Reviewed-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
 fs/fuse/kio/pcs/pcs_map.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/fs/fuse/kio/pcs/pcs_map.c b/fs/fuse/kio/pcs/pcs_map.c
index c61d68152003..fa4edd37d0e1 100644
--- a/fs/fuse/kio/pcs/pcs_map.c
+++ b/fs/fuse/kio/pcs/pcs_map.c
@@ -1058,8 +1058,8 @@ void pcs_map_complete(struct pcs_map_entry *m, struct pcs_ioc_getmap *omap)
 
 	spin_lock(&m->lock);
 
-	TRACE(" recv m: " MAP_FMT " resp{ st:%d, err:%d, v:" VER_FMT "}\n",
-	       MAP_ARGS(m), omap->state, omap->error.value, VER_ARGS(omap->version));
+	TRACE(" recv m:%p, state:%x resp{ st:%d, err:%d, v:" VER_FMT "}\n",
+	      m, m->state, omap->state, omap->error.value, VER_ARGS(omap->version));
 
 	if (pcs_if_error(&omap->error))
 		goto error;
@@ -1068,6 +1068,7 @@ void pcs_map_complete(struct pcs_map_entry *m, struct pcs_ioc_getmap *omap)
 		spin_unlock(&m->lock);
 		goto out_ignore;
 	}
+	TRACE("dentry: "DENTRY_FMT, DENTRY_ARGS(pcs_dentry_from_map(m)));
 
 	error_sensed = m->state & PCS_MAP_ERROR;
 
@@ -1196,7 +1197,7 @@ static void pcs_map_queue_resolve(struct pcs_map_entry * m, struct pcs_int_reque
 	LIST_HEAD(l);
 	int ret;
 
-	DTRACE("enter m: " MAP_FMT ", ireq:%p dir:%d \n", MAP_ARGS(m), ireq,   direction);
+	DTRACE("enter m:%p, state:%x, ireq:%p dir:%d \n", m, m->state, ireq, direction);
 
 	spin_lock(&m->lock);
 	/* This should not happen unless aio_dio/fsync vs truncate race */
@@ -1206,6 +1207,7 @@ static void pcs_map_queue_resolve(struct pcs_map_entry * m, struct pcs_int_reque
 		pcs_ireq_queue_fail(&l, PCS_ERR_NET_ABORT);
 		return;
 	}
+	DTRACE("dentry: "DENTRY_FMT, DENTRY_ARGS(pcs_dentry_from_map(m)));
 	DTRACE("%p {%p %p}\n",ireq,  ireq->list.next, ireq->list.prev);
 	BUG_ON(!list_empty(&ireq->list));

More information about the Devel mailing list