[PATCH 003/124] staging: lustre: ldlm: fix a use after free in ldlm_resource_get()

From: James Simmons
Date: Sun Sep 18 2016 - 16:39:22 EST


From: John L. Hammond <john.hammond@xxxxxxxxx>

If lvbo initialization has failed then save the return status (from
lr_lvb_len) before putting the resource.

Signed-off-by: John L. Hammond <john.hammond@xxxxxxxxx>
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5305
Reviewed-on: http://review.whamcloud.com/11017
Reviewed-by: Andreas Dilger <andreas.dilger@xxxxxxxxx>
Reviewed-by: Emoly Liu <emoly.liu@xxxxxxxxx>
Reviewed-by: Dmitry Eremin <dmitry.eremin@xxxxxxxxx>
Signed-off-by: James Simmons <jsimmons@xxxxxxxxxxxxx>
---
drivers/staging/lustre/lustre/ldlm/ldlm_resource.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/lustre/lustre/ldlm/ldlm_resource.c b/drivers/staging/lustre/lustre/ldlm/ldlm_resource.c
index 62d9f6f..912cd68 100644
--- a/drivers/staging/lustre/lustre/ldlm/ldlm_resource.c
+++ b/drivers/staging/lustre/lustre/ldlm/ldlm_resource.c
@@ -1091,6 +1091,7 @@ ldlm_resource_get(struct ldlm_namespace *ns, struct ldlm_resource *parent,
struct cfs_hash_bd bd;
__u64 version;
int ns_refcount = 0;
+ int rc;

LASSERT(!parent);
LASSERT(ns->ns_rs_hash);
@@ -1140,8 +1141,9 @@ lvbo_init:
}

if (unlikely(res->lr_lvb_len < 0)) {
+ rc = res->lr_lvb_len;
ldlm_resource_putref(res);
- res = ERR_PTR(res->lr_lvb_len);
+ res = ERR_PTR(rc);
}
return res;
}
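Review bot: The statement order in the `res->lr_lvb_len < 0` branch is now load-bearing, but nothing in the code says so: `rc` must be read before `ldlm_resource_putref(res)` because, going by the commit title, that put can release `res`. A one-line comment above the assignment would stop a later cleanup from folding the read back into the `ERR_PTR()` call, e.g. `/* read the status first: putref may drop the last reference and free res */`. The branch also reads `res->lr_lvb_len` twice (once in the test, once for the copy); loading it into `rc` once and testing `rc < 0` would be tidier, assuming the field is stable at this point, which the hunk does not show. ldlm_resource_get() begins and ends outside this hunk.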
@@ -1152,8 +1154,6 @@ lvbo_init:

cfs_hash_bd_unlock(ns->ns_rs_hash, &bd, 1);
if (ns->ns_lvbo && ns->ns_lvbo->lvbo_init) {
- int rc;
-
OBD_FAIL_TIMEOUT(OBD_FAIL_LDLM_CREATE_RESOURCE, 2);
rc = ns->ns_lvbo->lvbo_init(res);
if (rc < 0) {
--
1.7.1