summaryrefslogtreecommitdiff
path: root/fs/coda
diff options
context:
space:
mode:
authorJan Harkes <jaharkes@cs.cmu.edu>2021-11-08 18:34:30 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2021-11-09 10:02:51 -0800
commit18319cb478de23340fdcb6385b0cc074a5416da7 (patch)
tree998c98b3a19a6df88e0144a68658fe55977d072f /fs/coda
parent8bc2b3dca7292347d8e715fb723c587134abe013 (diff)
downloadlwn-18319cb478de23340fdcb6385b0cc074a5416da7.tar.gz
lwn-18319cb478de23340fdcb6385b0cc074a5416da7.zip
coda: avoid NULL pointer dereference from a bad inode
Patch series "Coda updates for -next". The following patch series contains some fixes for the Coda kernel module I've had sitting around and were tested extensively in a development version of the Coda kernel module that lives outside of the main kernel. This patch (of 9): Avoid accessing coda_inode_info from a dentry with a bad inode. Link: https://lkml.kernel.org/r/20210908140308.18491-1-jaharkes@cs.cmu.edu Link: https://lkml.kernel.org/r/20210908140308.18491-2-jaharkes@cs.cmu.edu Signed-off-by: Jan Harkes <jaharkes@cs.cmu.edu> Cc: Alex Shi <alex.shi@linux.alibaba.com> Cc: Jing Yangyang <jing.yangyang@zte.com.cn> Cc: Xin Tan <tanxin.ctf@gmail.com> Cc: Xiyu Yang <xiyuyang19@fudan.edu.cn> Cc: Zeal Robot <zealci@zte.com.cn> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/coda')
-rw-r--r--fs/coda/dir.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/fs/coda/dir.c b/fs/coda/dir.c
index d69989c1bac3..3fd085009f26 100644
--- a/fs/coda/dir.c
+++ b/fs/coda/dir.c
@@ -499,15 +499,20 @@ out:
*/
static int coda_dentry_delete(const struct dentry * dentry)
{
- int flags;
+ struct inode *inode;
+ struct coda_inode_info *cii;
if (d_really_is_negative(dentry))
return 0;
- flags = (ITOC(d_inode(dentry))->c_flags) & C_PURGE;
- if (is_bad_inode(d_inode(dentry)) || flags) {
+ inode = d_inode(dentry);
+ if (!inode || is_bad_inode(inode))
return 1;
- }
+
+ cii = ITOC(inode);
+ if (cii->c_flags & C_PURGE)
+ return 1;
+
return 0;
}