lustre: Unsafe error handling around ll_splice_alias
authorSwapnil Pimpale <spimpale@ddn.com>
Sun, 9 Feb 2014 07:51:46 +0000 (02:51 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 11 Feb 2014 20:09:57 +0000 (12:09 -0800)
Callers of ll_splice_alias() should not assign the returned pointer to
the dentry since it can be an err pointer. Fixed the above bug using a
temporary dentry pointer. This temporary pointer is assigned to dentry
only if ll_splice_alias has not returned an err pointer.

Signed-off-by: Swapnil Pimpale <spimpale@ddn.com>
Reviewed-on: http://review.whamcloud.com/7460
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-3807
Reviewed-by: Fan Yong <fan.yong@intel.com>
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
Signed-off-by: Oleg Drokin <oleg.drokin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/lustre/lustre/llite/namei.c
drivers/staging/lustre/lustre/llite/statahead.c

index 1d03a6f8e4ad25559a31a8f426748907ce63ea89..8938d37feca71ac3a808a1eb67ad11dd2d0ea19b 100644 (file)
@@ -462,9 +462,12 @@ int ll_lookup_it_finish(struct ptlrpc_request *request,
         * Atoimc_open may passin hashed dentries for open.
         */
        if (d_unhashed(*de)) {
-               *de = ll_splice_alias(inode, *de);
-               if (IS_ERR(*de))
-                       return PTR_ERR(*de);
+               struct dentry *alias;
+
+               alias = ll_splice_alias(inode, *de);
+               if (IS_ERR(alias))
+                       return PTR_ERR(alias);
+               *de = alias;
        }
 
        if (!it_disposition(it, DISP_LOOKUP_NEG)) {
index 183b4157a7d8fd05eb65f2aedbf16c8ee158cd55..ad61ad446f221c90ac954a3f495306f083445859 100644 (file)
@@ -1585,12 +1585,15 @@ int do_statahead_enter(struct inode *dir, struct dentry **dentryp,
                                                ll_inode2fid(inode), &bits);
                        if (rc == 1) {
                                if ((*dentryp)->d_inode == NULL) {
-                                       *dentryp = ll_splice_alias(inode,
+                                       struct dentry *alias;
+
+                                       alias = ll_splice_alias(inode,
                                                                   *dentryp);
-                                       if (IS_ERR(*dentryp)) {
+                                       if (IS_ERR(alias)) {
                                                ll_sai_unplug(sai, entry);
-                                               return PTR_ERR(*dentryp);
+                                               return PTR_ERR(alias);
                                        }
+                                       *dentryp = alias;
                                } else if ((*dentryp)->d_inode != inode) {
                                        /* revalidate, but inode is recreated */
                                        CDEBUG(D_READA,