author | Jan Harkes <jaharkes@cs.cmu.edu> | 2021-11-08 18:34:30 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-11-09 10:02:51 -0800 |
commit | 18319cb478de23340fdcb6385b0cc074a5416da7 (patch) | |
tree | 998c98b3a19a6df88e0144a68658fe55977d072f /fs/coda | |
parent | 8bc2b3dca7292347d8e715fb723c587134abe013 (diff) | |
coda: avoid NULL pointer dereference from a bad inode
Patch series "Coda updates for -next".
The following patch series contains some fixes for the Coda kernel module
I've had sitting around and were tested extensively in a development
version of the Coda kernel module that lives outside of the main kernel.
This patch (of 9):
Avoid accessing coda_inode_info from a dentry with a bad inode.
Link: https://lkml.kernel.org/r/20210908140308.18491-1-jaharkes@cs.cmu.edu
Link: https://lkml.kernel.org/r/20210908140308.18491-2-jaharkes@cs.cmu.edu
Signed-off-by: Jan Harkes <jaharkes@cs.cmu.edu>
Cc: Alex Shi <alex.shi@linux.alibaba.com>
Cc: Jing Yangyang <jing.yangyang@zte.com.cn>
Cc: Xin Tan <tanxin.ctf@gmail.com>
Cc: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Cc: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/coda')
-rw-r--r-- | fs/coda/dir.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/fs/coda/dir.c b/fs/coda/dir.c index d69989c1bac3..3fd085009f26 100644 --- a/fs/coda/dir.c +++ b/fs/coda/dir.c @@ -499,15 +499,20 @@ out: */ static int coda_dentry_delete(const struct dentry * dentry) { - int flags; + struct inode *inode; + struct coda_inode_info *cii; if (d_really_is_negative(dentry)) return 0; - flags = (ITOC(d_inode(dentry))->c_flags) & C_PURGE; - if (is_bad_inode(d_inode(dentry)) || flags) { + inode = d_inode(dentry); + if (!inode || is_bad_inode(inode)) return 1; - } + + cii = ITOC(inode); + if (cii->c_flags & C_PURGE) + return 1; + return 0; } |
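
Review bot: The `!inode` half of the new `if (!inode || is_bad_inode(inode))` in coda_dentry_delete() sits after the `d_really_is_negative(dentry)` early return, which by its name already covers a dentry without an inode, and the two paths return different values (0 there, 1 here). If `d_inode(dentry)` cannot be NULL at that point, drop the `!inode` test; if it can, add a one-line comment saying when that happens and why it should return 1. A short comment above `cii = ITOC(inode);` stating that coda_inode_info must only be read after the `is_bad_inode()` check would also help, since the removed lines show how easily the dereference ends up ahead of the check when the conditions are folded into one expression.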