Commit f6360efb83cd6dd1476cd758834c8277508c1f15
Committed by
J. Bruce Fields
J. Bruce Fields
1 parent
f632265d0f
Exists in
master
and in
4 other branches
nfsd: fix NULL dereference in nfsd_statfs()
The commit ebabe9a9001af0af56c0c2780ca1576246e7a74b pass a struct path to vfs_statfs introduced the struct path initialization, and this seems to trigger an Oops on my machine. fh_dentry field may be NULL and set later in fh_verify(), thus the initialization of path must be after fh_verify(). Signed-off-by: Takashi Iwai <tiwai@suse.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Minchan Kim <minchan.kim@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Showing 1 changed file with 8 additions and 6 deletions Side-by-side Diff
fs/nfsd/vfs.c
| ... | ... | @@ -2033,15 +2033,17 @@ |
| 2033 | 2033 | __be32 |
| 2034 | 2034 | nfsd_statfs(struct svc_rqst *rqstp, struct svc_fh *fhp, struct kstatfs *stat, int access) |
| 2035 | 2035 | { |
| 2036 | - struct path path = { | |
| 2037 | - .mnt = fhp->fh_export->ex_path.mnt, | |
| 2038 | - .dentry = fhp->fh_dentry, | |
| 2039 | - }; | |
| 2040 | 2036 | __be32 err; |
| 2041 | 2037 | |
| 2042 | 2038 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_NOP | access); |
| 2043 | - if (!err && vfs_statfs(&path, stat)) | |
| 2044 | - err = nfserr_io; | |
| 2039 | + if (!err) { | |
| 2040 | + struct path path = { | |
| 2041 | + .mnt = fhp->fh_export->ex_path.mnt, | |
| 2042 | + .dentry = fhp->fh_dentry, | |
| 2043 | + }; | |
| 2044 | + if (vfs_statfs(&path, stat)) | |
| 2045 | + err = nfserr_io; | |
| 2046 | + } | |
| 2045 | 2047 | return err; |
| 2046 | 2048 | } |
| 2047 | 2049 |