lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <3AD4F375-E9DE-485D-B2DA-A938AC4A3F0C@redhat.com>
Date:   Tue, 6 Nov 2018 21:00:09 +0800
From:   "Yan, Zheng" <zyan@...hat.com>
To:     Luis Henriques <lhenriques@...e.com>
Cc:     Sage Weil <sage@...hat.com>, Ilya Dryomov <idryomov@...il.com>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        ceph-devel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ceph: quota: fix null pointer dereference in quota check



> On Nov 5, 2018, at 19:00, Luis Henriques <lhenriques@...e.com> wrote:
> 
> This patch fixes a possible null pointer dereference in
> check_quota_exceeded, detected by the static checker smatch, with the
> following warning:
> 
>    fs/ceph/quota.c:240 check_quota_exceeded()
>     error: we previously assumed 'realm' could be null (see line 188)
> 
> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
> Link: https://lkml.kernel.org/n/20181101065318.2cylxol6d444nzeu@kili.mountain
> Fixes: b7a2921765cf ("ceph: quota: support for ceph.quota.max_files")
> Signed-off-by: Luis Henriques <lhenriques@...e.com>
> ---
> fs/ceph/quota.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/ceph/quota.c b/fs/ceph/quota.c
> index 32d4f13784ba..03f4d24db8fe 100644
> --- a/fs/ceph/quota.c
> +++ b/fs/ceph/quota.c
> @@ -237,7 +237,8 @@ static bool check_quota_exceeded(struct inode *inode, enum quota_check_op op,
> 		ceph_put_snap_realm(mdsc, realm);
> 		realm = next;
> 	}
> -	ceph_put_snap_realm(mdsc, realm);
> +	if (realm)
> +		ceph_put_snap_realm(mdsc, realm);
> 	up_read(&mdsc->snap_rwsem);
> 
> 	return exceeded;

Applied, thanks.

Yan, Zheng


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ