AFS: Stop readlink() on AFS crashing due to NULL 'file' ptr
authorDavid Howells <dhowells@redhat.com>
Thu, 27 Aug 2009 12:09:06 +0000 (13:09 +0100)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 27 Aug 2009 19:22:08 +0000 (12:22 -0700)
kAFS crashes when asked to read a symbolic link because page_getlink()
passes a NULL file pointer to read_mapping_page(), but afs_readpage()
expects a file pointer from which to extract a key.

Modify afs_readpage() to request the appropriate key from the calling
process's keyrings if a file struct is not supplied with one attached.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/afs/file.c

index 0149dab365e722c95f466e7e5d17f94cab8b9e70..681c2a7b013fc3c06bfa2d0d75d05804eafb8ffb 100644 (file)
@@ -134,9 +134,16 @@ static int afs_readpage(struct file *file, struct page *page)
 
        inode = page->mapping->host;
 
-       ASSERT(file != NULL);
-       key = file->private_data;
-       ASSERT(key != NULL);
+       if (file) {
+               key = file->private_data;
+               ASSERT(key != NULL);
+       } else {
+               key = afs_request_key(AFS_FS_S(inode->i_sb)->volume->cell);
+               if (IS_ERR(key)) {
+                       ret = PTR_ERR(key);
+                       goto error_nokey;
+               }
+       }
 
        _enter("{%x},{%lu},{%lu}", key_serial(key), inode->i_ino, page->index);
 
@@ -207,12 +214,17 @@ static int afs_readpage(struct file *file, struct page *page)
                unlock_page(page);
        }
 
+       if (!file)
+               key_put(key);
        _leave(" = 0");
        return 0;
 
 error:
        SetPageError(page);
        unlock_page(page);
+       if (!file)
+               key_put(key);
+error_nokey:
        _leave(" = %d", ret);
        return ret;
 }