diff options
author | Jeff Layton <jlayton@redhat.com> | 2010-11-02 16:22:50 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2010-11-04 15:39:07 -0400 |
commit | d38922949d377da7d47473c7868334408ae3b373 (patch) | |
tree | 322cf984f274c45da08d57acc74d29bb5c5e5048 | |
parent | 6ef933a38ade555a175ecab9d803e6bb73399763 (diff) |
cifs: dereferencing first then checking
This patch is based on Dan's original patch. His original description is
below:
Smatch complained about a couple checking for NULL after dereferencing
bugs. I'm not super familiar with the code so I did the conservative
thing and move the dereferences after the checks.
The dereferences in cifs_lock() and cifs_fsync() were added in
ba00ba64cf0 "cifs: make various routines use the cifsFileInfo->tcon
pointer". The dereference in find_writable_file() was added in
6508d904e6f "cifs: have find_readable/writable_file filter by fsuid".
The comments there say it's possible to trigger the NULL dereference
under stress.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/file.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 71185d1d310..777e7f42b5b 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c | |||
@@ -754,12 +754,6 @@ int cifs_lock(struct file *file, int cmd, struct file_lock *pfLock) | |||
754 | 754 | ||
755 | cifs_sb = CIFS_SB(file->f_path.dentry->d_sb); | 755 | cifs_sb = CIFS_SB(file->f_path.dentry->d_sb); |
756 | tcon = tlink_tcon(((struct cifsFileInfo *)file->private_data)->tlink); | 756 | tcon = tlink_tcon(((struct cifsFileInfo *)file->private_data)->tlink); |
757 | |||
758 | if (file->private_data == NULL) { | ||
759 | rc = -EBADF; | ||
760 | FreeXid(xid); | ||
761 | return rc; | ||
762 | } | ||
763 | netfid = ((struct cifsFileInfo *)file->private_data)->netfid; | 757 | netfid = ((struct cifsFileInfo *)file->private_data)->netfid; |
764 | 758 | ||
765 | if ((tcon->ses->capabilities & CAP_UNIX) && | 759 | if ((tcon->ses->capabilities & CAP_UNIX) && |
@@ -1154,7 +1148,7 @@ struct cifsFileInfo *find_writable_file(struct cifsInodeInfo *cifs_inode, | |||
1154 | bool fsuid_only) | 1148 | bool fsuid_only) |
1155 | { | 1149 | { |
1156 | struct cifsFileInfo *open_file; | 1150 | struct cifsFileInfo *open_file; |
1157 | struct cifs_sb_info *cifs_sb = CIFS_SB(cifs_inode->vfs_inode.i_sb); | 1151 | struct cifs_sb_info *cifs_sb; |
1158 | bool any_available = false; | 1152 | bool any_available = false; |
1159 | int rc; | 1153 | int rc; |
1160 | 1154 | ||
@@ -1168,6 +1162,8 @@ struct cifsFileInfo *find_writable_file(struct cifsInodeInfo *cifs_inode, | |||
1168 | return NULL; | 1162 | return NULL; |
1169 | } | 1163 | } |
1170 | 1164 | ||
1165 | cifs_sb = CIFS_SB(cifs_inode->vfs_inode.i_sb); | ||
1166 | |||
1171 | /* only filter by fsuid on multiuser mounts */ | 1167 | /* only filter by fsuid on multiuser mounts */ |
1172 | if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER)) | 1168 | if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER)) |
1173 | fsuid_only = false; | 1169 | fsuid_only = false; |