author | Namjae Jeon <linkinjeon@kernel.org> | 2023-10-11 23:29:49 +0900 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2023-10-12 22:44:09 -0500 |
commit | 414849040fcf11d45025b8ae26c9fd91da1465da (patch) | |
tree | 83c81166e6af582453646313edeeac0e1b07f3da /fs/smb/server/vfs_cache.c | |
parent | be0f89d4419dc5413a1cf06db3671c9949be0d52 (diff) | |
ksmbd: fix Null pointer dereferences in ksmbd_update_fstate()
Coverity Scan reports the following one. This report is a false alarm,
because fp is never NULL when rc is zero. This patch adds a null check for fp
in ksmbd_update_fstate to silence the alarm.
*** CID 1568583: Null pointer dereferences (FORWARD_NULL)
/fs/smb/server/smb2pdu.c: 3408 in smb2_open()
3402 path_put(&path);
3403 path_put(&parent_path);
3404 }
3405 ksmbd_revert_fsids(work);
3406 err_out1:
3407 if (!rc) {
>>> CID 1568583: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "fp" to "ksmbd_update_fstate", which dereferences it.
3408 ksmbd_update_fstate(&work->sess->file_table, fp, FP_INITED);
3409 rc = ksmbd_iov_pin_rsp(work, (void *)rsp, iov_len);
3410 }
3411 if (rc) {
3412 if (rc == -EINVAL)
3413 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound")
Reported-by: Coverity Scan <scan-admin@coverity.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/smb/server/vfs_cache.c')
-rw-r--r-- | fs/smb/server/vfs_cache.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index 1c5c39733652..c91eac6514dd 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -603,6 +603,9 @@ err_out: void ksmbd_update_fstate(struct ksmbd_file_table *ft, struct ksmbd_file *fp, unsigned int state) { + if (!fp) + return; + write_lock(&ft->lock); fp->f_state = state; write_unlock(&ft->lock); |
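Review bot: The new `if (!fp) return;` at the top of ksmbd_update_fstate() has no comment, so a later reader will take it to mean that a NULL fp is a valid input, while the commit message says fp is never NULL when rc is zero and that the check exists only to quiet Coverity CID 1568583. Please add a one-line comment above the check stating that invariant. If a NULL fp here would mean a real bug in smb2_open(), consider `if (WARN_ON_ONCE(!fp)) return;` so a violation is logged instead of silently skipping the FP_INITED state update. Placing the check before write_lock(&ft->lock) is fine, since it only tests the pointer argument. Also note that the message calls the report a false alarm yet carries a Fixes: tag; if no behaviour changes, it is worth saying so explicitly so the tag is not read as marking a real dereference.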