authorNamjae Jeon <linkinjeon@kernel.org>2023-10-11 23:29:49 +0900
committerSteve French <stfrench@microsoft.com>2023-10-12 22:44:09 -0500
commit414849040fcf11d45025b8ae26c9fd91da1465da (patch)
tree83c81166e6af582453646313edeeac0e1b07f3da /fs/smb/server/vfs_cache.c
parentbe0f89d4419dc5413a1cf06db3671c9949be0d52 (diff)
ksmbd: fix Null pointer dereferences in ksmbd_update_fstate()
Coverity Scan reports the following issue. The report is a false alarm, because fp is never NULL when rc is zero. This patch adds a NULL check for fp in ksmbd_update_fstate() to silence the alarm. *** CID 1568583: Null pointer dereferences (FORWARD_NULL) /fs/smb/server/smb2pdu.c: 3408 in smb2_open() 3402 path_put(&path); 3403 path_put(&parent_path); 3404 } 3405 ksmbd_revert_fsids(work); 3406 err_out1: 3407 if (!rc) { >>> CID 1568583: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "fp" to "ksmbd_update_fstate", which dereferences it. 3408 ksmbd_update_fstate(&work->sess->file_table, fp, FP_INITED); 3409 rc = ksmbd_iov_pin_rsp(work, (void *)rsp, iov_len); 3410 } 3411 if (rc) { 3412 if (rc == -EINVAL) 3413 rsp->hdr.Status = STATUS_INVALID_PARAMETER; Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound") Reported-by: Coverity Scan <scan-admin@coverity.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/smb/server/vfs_cache.c')
-rw-r--r--fs/smb/server/vfs_cache.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c
index 1c5c39733652..c91eac6514dd 100644
--- a/fs/smb/server/vfs_cache.c
+++ b/fs/smb/server/vfs_cache.c
@@ -603,6 +603,9 @@ err_out:
void ksmbd_update_fstate(struct ksmbd_file_table *ft, struct ksmbd_file *fp,
unsigned int state)
{
+ if (!fp)
+ return;
+
write_lock(&ft->lock);
fp->f_state = state;
write_unlock(&ft->lock);
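Review bot: The added `if (!fp) return;` at the top of ksmbd_update_fstate() turns a NULL fp into a silent no-op, and nothing in the code tells a reader that NULL is not an expected input. The commit message says the check exists only to quiet Coverity, so a comment above it such as `/* fp should never be NULL here; check added for Coverity CID 1568583 */` would stop later callers from relying on it. If that invariant were ever broken, the smb2_open() path quoted in the description would presumably continue to ksmbd_iov_pin_rsp() and report success without the FP_INITED transition, so writing the condition as `if (WARN_ON_ONCE(!fp))` may be worth considering if that state should show up in logs. The function's closing brace lies outside the hunk.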