Orangefs: do not finalize bufmap if it was never initialized.

Found by the infant Orangefs fuzzer...

Signed-off-by: Martin Brandenburg <martin@omnibond.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>

diff --git a/fs/orangefs/devorangefs-req.c b/fs/orangefs/devorangefs-req.c
index dc2e2ce7e943f1d54921acf6a2f13699f02339a0..4d7ab7cb08f7e72d48d768253a4c9ffdd51469b3 100644 (file)
--- a/fs/orangefs/devorangefs-req.c
+++ b/fs/orangefs/devorangefs-req.c
@@ -600,7 +600,8 @@ static int orangefs_devreq_release(struct inode *inode, struct file *file)
                     __func__);
 
        mutex_lock(&devreq_mutex);
-       orangefs_bufmap_finalize();
+       if (get_bufmap_init())
+               orangefs_bufmap_finalize();
 
        open_access_count--;
 
@@ -692,7 +693,13 @@ static long dispatch_ioctl_command(unsigned int command, unsigned long arg)
                                     (struct ORANGEFS_dev_map_desc __user *)
                                     arg,
                                     sizeof(struct ORANGEFS_dev_map_desc));
-               return ret ? -EIO : orangefs_bufmap_initialize(&user_desc);
+               if (get_bufmap_init()) {
+                       return -EINVAL;
+               } else {
+                       return ret ?
+                              -EIO :
+                              orangefs_bufmap_initialize(&user_desc);
+               }
        case ORANGEFS_DEV_REMOUNT_ALL:
                gossip_debug(GOSSIP_DEV_DEBUG,
                             "%s: got ORANGEFS_DEV_REMOUNT_ALL\n",