fuse: fix one null ptr issue in fuse_dev_ioctl

commit opencloudos.

In fuse_dev_ioctl, when cmd is FUSE_DEV_IOC_RECOVERY and either fud
or fud->fc is NULL, the code dereferences a null pointer. This could
lead to severe null pointer issues, so we check both for NULL before
using them.

Fixes: e1c207b3e7cdfd98("fuse: add a dev ioctl for recovery")
Signed-off-by: Xinghui Li <korantli@tencent.com>
Xinghui Li 2023-05-24 17:02:34 +08:00 committed by Jianping Liu
parent 89f94b88f4
commit d285a21e4e
1 changed files with 9 additions and 3 deletions


@ -2257,12 +2257,18 @@ static long fuse_dev_ioctl(struct file *file, unsigned int cmd,
}
if (cmd == FUSE_DEV_IOC_RECOVERY) {
struct fuse_dev *fud = fuse_get_dev(file);
struct fuse_iqueue *fiq = &fud->fc->iq;
struct fuse_pqueue *fpq = &fud->pq;
struct fuse_iqueue *fiq = NULL;
struct fuse_pqueue *fpq = NULL;
struct fuse_req *req, *next;
LIST_HEAD(recovery);
unsigned int i;
if (fud && fud->fc) {
fiq = &fud->fc->iq;
fpq = &fud->pq;
} else
return -ENOMEM;
spin_lock(&fpq->lock);
for (i = 0; i < FUSE_PQ_HASH_SIZE; i++)
list_splice_tail_init(&fpq->processing[i],
@ -2278,7 +2284,7 @@ static long fuse_dev_ioctl(struct file *file, unsigned int cmd,
list_splice(&recovery, &fiq->pending);
spin_unlock(&fiq->lock);
err = 0;
}
}
return err;
}
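Review bot: The new guard in the FUSE_DEV_IOC_RECOVERY branch returns `-ENOMEM` when `fud` or `fud->fc` is NULL, but nothing is allocated here; the condition is a /dev/fuse descriptor with no connection attached, and an out-of-memory code will mislead callers and anyone triaging the failure. As far as I know the other fuse device file operations return `-EPERM` when `fuse_get_dev()` yields NULL, so the same code would fit here. The `if { … } else return` shape also leaves the braces unbalanced and forces the two `= NULL` initialisers; a guard clause ahead of the assignments reads better: `if (!fud || !fud->fc) return -EPERM;` followed by `fiq = &fud->fc->iq;` and `fpq = &fud->pq;`. fuse_dev_ioctl starts above this section, so I cannot confirm that a direct return skips no cleanup from the earlier branches; the visible tail only does `return err;`.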