Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp3775404ybl; Fri, 20 Dec 2019 15:34:16 -0800 (PST) X-Google-Smtp-Source: APXvYqyG0jUC6iIrLTkSrYh4TyQxy+Wifa8io2DlhvsUuapdQOGR6ChJPzuH1qBebxlm38NrfbpJ X-Received: by 2002:a9d:2073:: with SMTP id n106mr7945784ota.145.1576884856717; Fri, 20 Dec 2019 15:34:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576884856; cv=none; d=google.com; s=arc-20160816; b=HcOOmi5LQzvszs5jY6f5k71254KPs6vym/zUjE8Kj+Zr9UMQuey77R1cqxr62qQrRD 7npF5b9bN3OVKPTTSSUdxtejlTj+7BBM9lTEhchtJqA4Uh/AtGRIV1CcqOmAAC5IuEiS KtQFYSNUjtS7qhkeBoxOgtsqHF+erDSFI9uQR8+4phLbB0jFtTQ7NJzUu33j26IcwUJy isMgcgQieyVN89BQu0gs3pPR21Lh8a9sf/1CYzxZV/a0rAPkyH9VK3SgJeuFdjwxNh2C MogbhOJV579QqZFPWvdkTH54YMTzzbsxijO5LCP7rjYcZs2LOYu0XK5F0meCDK3s8xsK 0peA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=xRxzEw48zEBWXxQLWMaAha1xxuK7NFLDu4quymTgw2U=; b=NvBNNXJm/nM7fNsEhOS+qhOs6ODaWa7BOZ7RnATKH9CZzOwhzVTC4btX25Czb5pS/8 MLw/Z2fghd3/Gf6HwMwPo6uDls3SgPBtQM5s/oy08zenenn++AfGo1pqyVS0/pyZo4bN Ml5Ifbl1/pcdaW5tV/c+mQrI5SguBW2hv0LCPlVPyKrdMH4cKUp0OKOIcXu0usDuxdg4 EDvZEjkcEbaXvfCLBnlSK5UCQ97aUcVxF0PVthrFy0r7jxVmQVho+0MeZpon7H/7ywsN I9vM5XvmfZzm8DNzzPG243qqUDPYSX6EhEiwnJ8s0FJFhON4aMz5oMIsRi55mF9F+CfY +3yw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l20si4194780otr.227.2019.12.20.15.34.04; Fri, 20 Dec 2019 15:34:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726680AbfLTXd0 (ORCPT + 99 others); Fri, 20 Dec 2019 18:33:26 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:59026 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726470AbfLTXd0 (ORCPT ); Fri, 20 Dec 2019 18:33:26 -0500 Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1iiRlr-0001A8-48; Fri, 20 Dec 2019 23:33:23 +0000 From: Colin King To: Jens Axboe , Alexander Viro , io-uring@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH][next] io_uring: fix missing error return when percpu_ref_init fails Date: Fri, 20 Dec 2019 23:33:22 +0000 Message-Id: <20191220233322.13599-1-colin.king@canonical.com> X-Mailer: git-send-email 2.24.0 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Colin Ian King Currently when the call to percpu_ref_init fails ctx->file_data is set to null and because there is a missing return statement the following statement dereferences this null pointer causing an oops. Fix this by adding the missing -ENOMEM return to avoid the oops. Addresses-Coverity: ("Explicit null dereference") Fixes: cbb537634780 ("io_uring: avoid ring quiesce for fixed file set unregister and update") Signed-off-by: Colin Ian King --- fs/io_uring.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/io_uring.c b/fs/io_uring.c index c756b8fc44c6..1d31294f5914 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -4937,6 +4937,7 @@ static int io_sqe_files_register(struct io_ring_ctx *ctx, void __user *arg, kfree(ctx->file_data->table); kfree(ctx->file_data); ctx->file_data = NULL; + return -ENOMEM; } ctx->file_data->put_llist.first = NULL; INIT_WORK(&ctx->file_data->ref_work, io_ring_file_ref_switch); -- 2.24.0