summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Harkes <jaharkes@cs.cmu.edu>2021-11-09 03:34:33 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2021-11-09 19:02:51 +0100
commit3d8e72d97411370aab662e85e2c3a7b26555179c (patch)
tree5eb17be189aacdc39a6d3d1060998280fcbe5ffa
parentcoda: avoid NULL pointer dereference from a bad inode (diff)
downloadlinux-3d8e72d97411370aab662e85e2c3a7b26555179c.tar.xz
linux-3d8e72d97411370aab662e85e2c3a7b26555179c.zip
coda: check for async upcall request using local state
Originally flagged by Smatch because the code implicitly assumed outSize is not NULL for non-async upcalls because of a flag that was (not) set in req->uc_flags. However req->uc_flags field is in shared state and although the current code will not allow it to be changed before the async request check the code is more robust when it tests against the local outSize variable. Link: https://lkml.kernel.org/r/20210908140308.18491-3-jaharkes@cs.cmu.edu Signed-off-by: Jan Harkes <jaharkes@cs.cmu.edu> Cc: Alex Shi <alex.shi@linux.alibaba.com> Cc: Jing Yangyang <jing.yangyang@zte.com.cn> Cc: Xin Tan <tanxin.ctf@gmail.com> Cc: Xiyu Yang <xiyuyang19@fudan.edu.cn> Cc: Zeal Robot <zealci@zte.com.cn> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/coda/upcall.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/coda/upcall.c b/fs/coda/upcall.c
index eb3b1898da46..59f6cfd06f96 100644
--- a/fs/coda/upcall.c
+++ b/fs/coda/upcall.c
@@ -744,7 +744,8 @@ static int coda_upcall(struct venus_comm *vcp,
list_add_tail(&req->uc_chain, &vcp->vc_pending);
wake_up_interruptible(&vcp->vc_waitq);
- if (req->uc_flags & CODA_REQ_ASYNC) {
+ /* We can return early on asynchronous requests */
+ if (outSize == NULL) {
mutex_unlock(&vcp->vc_mutex);
return 0;
}