[PATCH] ceph: fix an oops in error handling in ceph_netfs_issue_op
From: Jeff Layton
Date: Tue Feb 02 2021 - 08:11:59 EST
Dan reported a potential oops in the cleanup if ceph_osdc_new_request
returns an error. Eliminate the unneeded initialization of "req" and
then just set it to NULL in the case where it holds an ERR_PTR.
Also, drop the unneeded NULL check before calling
ceph_osdc_put_request.
Fixes: 1cf7fdf52d5a ("ceph: convert readpage to fscache read helper")
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Suggested-by: Ilya Dryomov <idryomov@xxxxxxxxx>
Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
---
fs/ceph/addr.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
index 5eec6f66fe52..0dd64d31eff6 100644
--- a/fs/ceph/addr.c
+++ b/fs/ceph/addr.c
@@ -234,7 +234,7 @@ static void ceph_netfs_issue_op(struct netfs_read_subrequest *subreq)
struct inode *inode = rreq->mapping->host;
struct ceph_inode_info *ci = ceph_inode(inode);
struct ceph_fs_client *fsc = ceph_inode_to_client(inode);
- struct ceph_osd_request *req = NULL;
+ struct ceph_osd_request *req;
struct ceph_vino vino = ceph_vino(inode);
struct iov_iter iter;
struct page **pages;
@@ -248,6 +248,7 @@ static void ceph_netfs_issue_op(struct netfs_read_subrequest *subreq)
NULL, ci->i_truncate_seq, ci->i_truncate_size, false);
if (IS_ERR(req)) {
err = PTR_ERR(req);
+ req = NULL;
goto out;
}
@@ -273,8 +274,7 @@ static void ceph_netfs_issue_op(struct netfs_read_subrequest *subreq)
if (err)
iput(inode);
out:
- if (req)
- ceph_osdc_put_request(req);
+ ceph_osdc_put_request(req);
if (err)
netfs_subreq_terminated(subreq, err);
dout("%s: result %d\n", __func__, err);
--
2.29.2