[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220504153113.829524458@linuxfoundation.org>
Date: Wed, 4 May 2022 18:44:39 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Xiubo Li <xiubli@...hat.com>,
Jeff Layton <jlayton@...nel.org>,
Aaron Tomlin <atomlin@...hat.com>,
Ilya Dryomov <idryomov@...il.com>
Subject: [PATCH 5.17 041/225] ceph: fix possible NULL pointer dereference for req->r_session
From: Xiubo Li <xiubli@...hat.com>
commit 7acae6183cf37c48b8da48bbbdb78820fb3913f3 upstream.
The request will be inserted into the ci->i_unsafe_dirops before
assigning the req->r_session, so it's possible that we will hit
NULL pointer dereference bug here.
Cc: stable@...r.kernel.org
URL: https://tracker.ceph.com/issues/55327
Signed-off-by: Xiubo Li <xiubli@...hat.com>
Reviewed-by: Jeff Layton <jlayton@...nel.org>
Tested-by: Aaron Tomlin <atomlin@...hat.com>
Signed-off-by: Ilya Dryomov <idryomov@...il.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
fs/ceph/caps.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -2267,6 +2267,8 @@ retry:
list_for_each_entry(req, &ci->i_unsafe_dirops,
r_unsafe_dir_item) {
s = req->r_session;
+ if (!s)
+ continue;
if (unlikely(s->s_mds >= max_sessions)) {
spin_unlock(&ci->i_unsafe_lock);
for (i = 0; i < max_sessions; i++) {
@@ -2287,6 +2289,8 @@ retry:
list_for_each_entry(req, &ci->i_unsafe_iops,
r_unsafe_target_item) {
s = req->r_session;
+ if (!s)
+ continue;
if (unlikely(s->s_mds >= max_sessions)) {
spin_unlock(&ci->i_unsafe_lock);
for (i = 0; i < max_sessions; i++) {
Powered by blists - more mailing lists