[2/3] virtiofsd: check whether lo_map_reserve returns NULL in main func

Message ID 48887813-1c95-048c-6d10-48e3dd2bac71@huawei.com
State New
Series virtiofsd: fix some accessing NULL pointer problem

Commit Message

Haotian Li Nov. 11, 2020, 1:09 a.m. UTC
In main func, func lo_map_reserve is called without NULL check.
If reallocing new_elems fails in func lo_map_grow, the func
lo_map_reserve may return NULL. We should check whether
lo_map_reserve returns NULL before using it.

Signed-off-by: Haotian Li <lihaotian9@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
---
 tools/virtiofsd/passthrough_ll.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

--

Comments

Dr. David Alan Gilbert Nov. 11, 2020, 7:52 p.m. UTC | #1
* Haotian Li (lihaotian9@huawei.com) wrote:
> In main func, func lo_map_reserve is called without NULL check.
> If reallocing new_elems fails in func lo_map_grow, the func
> lo_map_reserve may return NULL. We should check whether
> lo_map_reserve returns NULL before using it.
> 
> Signed-off-by: Haotian Li <lihaotian9@huawei.com>
> Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

(I think the fuse_log will always fall through the default_log_func
because it's very early)

> ---
>  tools/virtiofsd/passthrough_ll.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> index ec1008bceb..3e9bbc7a04 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -3433,6 +3433,7 @@ int main(int argc, char *argv[])
>          .proc_self_fd = -1,
>      };
>      struct lo_map_elem *root_elem;
> +    struct lo_map_elem *reserve_elem;
>      int ret = -1;
> 
>      /* Don't mask creation mode, kernel already did that */
> @@ -3452,8 +3453,17 @@ int main(int argc, char *argv[])
>       * [1] Root inode
>       */
>      lo_map_init(&lo.ino_map);
> -    lo_map_reserve(&lo.ino_map, 0)->in_use = false;
> +    reserve_elem = lo_map_reserve(&lo.ino_map, 0);
> +    if (!reserve_elem) {
> +        fuse_log(FUSE_LOG_ERR, "failed to alloc reserve_elem.\n");
> +        goto err_out1;
> +    }
> +    reserve_elem->in_use = false;
>      root_elem = lo_map_reserve(&lo.ino_map, lo.root.fuse_ino);
> +    if (!root_elem) {
> +        fuse_log(FUSE_LOG_ERR, "failed to alloc root_elem.\n");
> +        goto err_out1;
> +    }
>      root_elem->inode = &lo.root;
> 
>      lo_map_init(&lo.dirp_map);
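
Review bot: The two error strings added in this hunk, "failed to alloc reserve_elem.\n" and "failed to alloc root_elem.\n", name local variables of main rather than the operation that failed, so an operator reading the log cannot tell what went wrong without the source. Something like "failed to reserve inode map slot 0" for the first and "failed to reserve root inode slot" for the second would say which lo_map_reserve call on lo.ino_map returned NULL. Since the commit message gives a failed realloc in lo_map_grow as the cause, the text could also say that memory ran out.
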
> -- 

Patch

diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index ec1008bceb..3e9bbc7a04 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -3433,6 +3433,7 @@  int main(int argc, char *argv[])
         .proc_self_fd = -1,
     };
     struct lo_map_elem *root_elem;
+    struct lo_map_elem *reserve_elem;
     int ret = -1;

     /* Don't mask creation mode, kernel already did that */
@@ -3452,8 +3453,17 @@  int main(int argc, char *argv[])
      * [1] Root inode
      */
     lo_map_init(&lo.ino_map);
-    lo_map_reserve(&lo.ino_map, 0)->in_use = false;
+    reserve_elem = lo_map_reserve(&lo.ino_map, 0);
+    if (!reserve_elem) {
+        fuse_log(FUSE_LOG_ERR, "failed to alloc reserve_elem.\n");
+        goto err_out1;
+    }
+    reserve_elem->in_use = false;
     root_elem = lo_map_reserve(&lo.ino_map, lo.root.fuse_ino);
+    if (!root_elem) {
+        fuse_log(FUSE_LOG_ERR, "failed to alloc root_elem.\n");
+        goto err_out1;
+    }
     root_elem->inode = &lo.root;

     lo_map_init(&lo.dirp_map);
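
Review bot: Both new "goto err_out1" branches are taken before lo_map_init(&lo.dirp_map), the last context line of this hunk, so the err_out1 cleanup is now reachable with only lo.ino_map initialised. That label is outside the visible lines; please confirm, and say in the commit message, that its teardown is safe for maps that were never passed to lo_map_init and that it releases whatever lo.ino_map already holds when the second lo_map_reserve call is the one that fails. It is also worth stating that the exit status relies on ret still being -1 from its initialiser in the first hunk, since neither new branch sets it.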