Commit 182fe5abd8ebbb3a00c1be91f44e4783e139918c
Committed by
Steven Whitehouse
Steven Whitehouse
1 parent
105284970b
[GFS2] possible null pointer dereference fixup
gfs2_alloc_get may fail so we have to check it to prevent NULL pointer dereference. Signed-off-by: Cyrill Gorcunov <gorcunov@gamil.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Showing 7 changed files with 44 additions and 8 deletions Side-by-side Diff
fs/gfs2/bmap.c
| ... | ... | @@ -900,6 +900,8 @@ |
| 900 | 900 | int error; |
| 901 | 901 | |
| 902 | 902 | al = gfs2_alloc_get(ip); |
| 903 | + if (!al) | |
| 904 | + return -ENOMEM; | |
| 903 | 905 | |
| 904 | 906 | error = gfs2_quota_lock(ip, NO_QUOTA_CHANGE, NO_QUOTA_CHANGE); |
| 905 | 907 | if (error) |
| ... | ... | @@ -1081,7 +1083,8 @@ |
| 1081 | 1083 | lblock = (size - 1) >> sdp->sd_sb.sb_bsize_shift; |
| 1082 | 1084 | |
| 1083 | 1085 | find_metapath(sdp, lblock, &mp, ip->i_height); |
| 1084 | - gfs2_alloc_get(ip); | |
| 1086 | + if (!gfs2_alloc_get(ip)) | |
| 1087 | + return -ENOMEM; | |
| 1085 | 1088 | |
| 1086 | 1089 | error = gfs2_quota_hold(ip, NO_QUOTA_CHANGE, NO_QUOTA_CHANGE); |
| 1087 | 1090 | if (error) |
fs/gfs2/dir.c
| ... | ... | @@ -1868,11 +1868,14 @@ |
| 1868 | 1868 | if (!ht) |
| 1869 | 1869 | return -ENOMEM; |
| 1870 | 1870 | |
| 1871 | - gfs2_alloc_get(dip); | |
| 1871 | + if (!gfs2_alloc_get(dip)) { | |
| 1872 | + error = -ENOMEM; | |
| 1873 | + goto out; | |
| 1874 | + } | |
| 1872 | 1875 | |
| 1873 | 1876 | error = gfs2_quota_hold(dip, NO_QUOTA_CHANGE, NO_QUOTA_CHANGE); |
| 1874 | 1877 | if (error) |
| 1875 | - goto out; | |
| 1878 | + goto out_put; | |
| 1876 | 1879 | |
| 1877 | 1880 | error = gfs2_rindex_hold(sdp, &dip->i_alloc->al_ri_gh); |
| 1878 | 1881 | if (error) |
| 1879 | 1882 | |
| ... | ... | @@ -1946,8 +1949,9 @@ |
| 1946 | 1949 | gfs2_glock_dq_uninit(&dip->i_alloc->al_ri_gh); |
| 1947 | 1950 | out_qs: |
| 1948 | 1951 | gfs2_quota_unhold(dip); |
| 1949 | -out: | |
| 1952 | +out_put: | |
| 1950 | 1953 | gfs2_alloc_put(dip); |
| 1954 | +out: | |
| 1951 | 1955 | kfree(ht); |
| 1952 | 1956 | return error; |
| 1953 | 1957 | } |
fs/gfs2/eattr.c
| ... | ... | @@ -318,6 +318,8 @@ |
| 318 | 318 | int error; |
| 319 | 319 | |
| 320 | 320 | al = gfs2_alloc_get(ip); |
| 321 | + if (!al) | |
| 322 | + return -ENOMEM; | |
| 321 | 323 | |
| 322 | 324 | error = gfs2_quota_hold(ip, NO_QUOTA_CHANGE, NO_QUOTA_CHANGE); |
| 323 | 325 | if (error) |
| ... | ... | @@ -681,6 +683,8 @@ |
| 681 | 683 | int error; |
| 682 | 684 | |
| 683 | 685 | al = gfs2_alloc_get(ip); |
| 686 | + if (!al) | |
| 687 | + return -ENOMEM; | |
| 684 | 688 | |
| 685 | 689 | error = gfs2_quota_lock(ip, NO_QUOTA_CHANGE, NO_QUOTA_CHANGE); |
| 686 | 690 | if (error) |
| ... | ... | @@ -1464,6 +1468,8 @@ |
| 1464 | 1468 | int error; |
| 1465 | 1469 | |
| 1466 | 1470 | al = gfs2_alloc_get(ip); |
| 1471 | + if (!al) | |
| 1472 | + return -ENOMEM; | |
| 1467 | 1473 | |
| 1468 | 1474 | error = gfs2_quota_hold(ip, NO_QUOTA_CHANGE, NO_QUOTA_CHANGE); |
| 1469 | 1475 | if (error) |
fs/gfs2/inode.c
| ... | ... | @@ -351,6 +351,8 @@ |
| 351 | 351 | } |
| 352 | 352 | |
| 353 | 353 | al = gfs2_alloc_get(ip); |
| 354 | + if (!al) | |
| 355 | + return -ENOMEM; | |
| 354 | 356 | |
| 355 | 357 | error = gfs2_quota_hold(ip, NO_QUOTA_CHANGE, NO_QUOTA_CHANGE); |
| 356 | 358 | if (error) |
| ... | ... | @@ -825,7 +827,8 @@ |
| 825 | 827 | int error; |
| 826 | 828 | |
| 827 | 829 | munge_mode_uid_gid(dip, &mode, &uid, &gid); |
| 828 | - gfs2_alloc_get(dip); | |
| 830 | + if (!gfs2_alloc_get(dip)) | |
| 831 | + return -ENOMEM; | |
| 829 | 832 | |
| 830 | 833 | error = gfs2_quota_lock(dip, uid, gid); |
| 831 | 834 | if (error) |
| ... | ... | @@ -860,6 +863,8 @@ |
| 860 | 863 | int error; |
| 861 | 864 | |
| 862 | 865 | al = gfs2_alloc_get(dip); |
| 866 | + if (!al) | |
| 867 | + return -ENOMEM; | |
| 863 | 868 | |
| 864 | 869 | error = gfs2_quota_lock(dip, NO_QUOTA_CHANGE, NO_QUOTA_CHANGE); |
| 865 | 870 | if (error) |
fs/gfs2/ops_address.c
fs/gfs2/ops_inode.c
| ... | ... | @@ -200,6 +200,10 @@ |
| 200 | 200 | |
| 201 | 201 | if (alloc_required) { |
| 202 | 202 | struct gfs2_alloc *al = gfs2_alloc_get(dip); |
| 203 | + if (!al) { | |
| 204 | + error = -ENOMEM; | |
| 205 | + goto out_gunlock; | |
| 206 | + } | |
| 203 | 207 | |
| 204 | 208 | error = gfs2_quota_lock(dip, NO_QUOTA_CHANGE, NO_QUOTA_CHANGE); |
| 205 | 209 | if (error) |
| ... | ... | @@ -716,6 +720,10 @@ |
| 716 | 720 | |
| 717 | 721 | if (alloc_required) { |
| 718 | 722 | struct gfs2_alloc *al = gfs2_alloc_get(ndip); |
| 723 | + if (!al) { | |
| 724 | + error = -ENOMEM; | |
| 725 | + goto out_gunlock; | |
| 726 | + } | |
| 719 | 727 | |
| 720 | 728 | error = gfs2_quota_lock(ndip, NO_QUOTA_CHANGE, NO_QUOTA_CHANGE); |
| 721 | 729 | if (error) |
| ... | ... | @@ -953,7 +961,8 @@ |
| 953 | 961 | if (!(attr->ia_valid & ATTR_GID) || ogid == ngid) |
| 954 | 962 | ogid = ngid = NO_QUOTA_CHANGE; |
| 955 | 963 | |
| 956 | - gfs2_alloc_get(ip); | |
| 964 | + if (!gfs2_alloc_get(ip)) | |
| 965 | + return -ENOMEM; | |
| 957 | 966 | |
| 958 | 967 | error = gfs2_quota_lock(ip, nuid, ngid); |
| 959 | 968 | if (error) |
fs/gfs2/quota.c
| ... | ... | @@ -617,8 +617,9 @@ |
| 617 | 617 | int err = -EIO; |
| 618 | 618 | |
| 619 | 619 | if (gfs2_is_stuffed(ip)) { |
| 620 | - struct gfs2_alloc *al = NULL; | |
| 621 | - al = gfs2_alloc_get(ip); | |
| 620 | + struct gfs2_alloc *al = gfs2_alloc_get(ip); | |
| 621 | + if (!al) | |
| 622 | + return -ENOMEM; | |
| 622 | 623 | /* just request 1 blk */ |
| 623 | 624 | al->al_requested = 1; |
| 624 | 625 | gfs2_inplace_reserve(ip); |
| ... | ... | @@ -729,6 +730,10 @@ |
| 729 | 730 | |
| 730 | 731 | if (nalloc) { |
| 731 | 732 | al = gfs2_alloc_get(ip); |
| 733 | + if (!al) { | |
| 734 | + error = -ENOMEM; | |
| 735 | + goto out_gunlock; | |
| 736 | + } | |
| 732 | 737 | |
| 733 | 738 | al->al_requested = nalloc * (data_blocks + ind_blocks); |
| 734 | 739 |