[RHEL7,COMMIT] fs/fuse kio_pcs: fix NULL pointer dereference in pcs_flushreq_complete()

Submitted by Konstantin Khorenko on July 25, 2018, 3:25 p.m.

Details

Message ID 201807251525.w6PFPsgq018882@finist_ce7.work
State New
Series "fs/fuse kio_pcs: fix NULL pointer dereference in pcs_flushreq_complete()"
Headers show

Commit Message

Konstantin Khorenko July 25, 2018, 3:25 p.m.
The commit is pushed to "branch-rh7-3.10.0-862.9.1.vz7.63.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-862.9.1.vz7.63.2
------>
commit 10a3ea98d1c2c2d863291459b58a2b0d661fedaa
Author: Pavel Butsykin <pbutsykin@virtuozzo.com>
Date:   Wed Jul 25 18:25:54 2018 +0300

    fs/fuse kio_pcs: fix NULL pointer dereference in pcs_flushreq_complete()
    
    To access ireq->cc->fc, we should use sreq instead of ireq (which in fact is
    the parent of sreq) because the parent can be NULL.
    
    https://pmc.acronis.com/browse/VSTOR-12570
    
    Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
---
 fs/fuse/kio/pcs/pcs_map.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Patch hide | download patch | download mbox

diff --git a/fs/fuse/kio/pcs/pcs_map.c b/fs/fuse/kio/pcs/pcs_map.c
index c07adb3b26d0..bd6a5a077d86 100644
--- a/fs/fuse/kio/pcs/pcs_map.c
+++ b/fs/fuse/kio/pcs/pcs_map.c
@@ -2842,7 +2842,7 @@  static void pcs_flushreq_complete(struct pcs_int_request * sreq)
 
 	if (!pcs_if_error(&sreq->error)) {
 		if (sync_is_finished(sreq->flushreq.msg, m)) {
-			FUSE_KTRACE(ireq->cc->fc, "finished");
+			FUSE_KTRACE(sreq->cc->fc, "finished");
 			goto done_dirty;
 		}
 		sreq->error.value = PCS_ERR_CSD_STALE_MAP;
@@ -2852,7 +2852,7 @@  static void pcs_flushreq_complete(struct pcs_int_request * sreq)
 
 	if (ireq && !pcs_if_error(&ireq->error)) {
 		if (ireq_check_redo(sreq)) {
-			FUSE_KTRACE(ireq->cc->fc, "restart after flush error %d", sreq->error.value);
+			FUSE_KTRACE(sreq->cc->fc, "restart after flush error %d", sreq->error.value);
 			if (map_version_compare(&ioh->map_version, &m->version) < 0)
 				sreq->flags &= ~IREQ_F_ONCE;
 			spin_unlock(&m->lock);
@@ -2868,7 +2868,7 @@  static void pcs_flushreq_complete(struct pcs_int_request * sreq)
 				ireq_delay(sreq);
 			return;
 		}
-		FUSE_KTRACE(ireq->cc->fc, "flush error %d", sreq->error.value);
+		FUSE_KTRACE(sreq->cc->fc, "flush error %d", sreq->error.value);
 		pcs_copy_error(&ireq->error, &sreq->error);
 		notify_error = 1;
 	}