Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp5759290pxu;
        Thu, 22 Oct 2020 10:16:25 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwhu4tPQXJPtipRivKaSgz3YLG0rjNUlLNia0UCh7VLt0fNRwL4uD/i3UKfOeHM8Y7ELFry
X-Received: by 2002:a17:906:3bd7:: with SMTP id v23mr3433640ejf.100.1603386985708;
        Thu, 22 Oct 2020 10:16:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1603386985; cv=none;
        d=google.com; s=arc-20160816;
        b=zebnldLnqmLqnV2RjWHz7v6q43PJoOV5HmPSH+ZyyE4FlPuf6virkk8/PyWRIz0+3S
         meQwUV4fP3PKXnVivc05BSUL3Hpm/GMBo5iqsBnZ39b7XTgnd1nk/sh0PvhmD7op2YhN
         6Wcum/RBzx76s3hmfcmY2MTLwxY8AYnT+Obtp5Imqg2fwNfAirUP5OqKdbxfe9ifHggT
         bi3iBXck3mQHu0tOkeYd8vJZOi6dCtlSqoDPkJA33/BgLq2YAjigw+VTa1ar24Q3MVoe
         ymYTcnhypRyeO8NTk/pCodH9CLHVq8eA9bKnXNHLRC793aizDRfhpVz2ZrDHP7hBVrsn
         g65A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :mime-version:user-agent:date:message-id:subject:from:cc:to;
        bh=cN2dA3ATEvGbi2kS23X+3klzk9n4NhUvUZLNRY9vPOw=;
        b=DZoPfeU9zvdjKWaZJIpXwbtQxi5mdP35spJXBTzEv+NLVYo1i/ldk6+aNKTSpCDimA
         fPHJLPvGMgMTer1Pbfozr90xpcTJzPmYHA1ILKApPzuAUu17Ienx8kuwtdozmoU/rYze
         4B7imG3UQrrcpmXvBgBWrxfKP9hbOJjfJjr2U2qBzIuioIw4M3fqc5C3YzJuyvzSJt9W
         J6TAd05vJ3u0gERqmcobTP+6ALwKwWT9xAcQ19aldlvWHx6djXuPye+IaPYBWzBdoOOS
         ZAm2r9wsE4mTmqtJIa+YAvVIgIWItgVy+YnXLDsl/qjMfCaQjVPcUWzOSDArnLO2eqxM
         RjSA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id p10si1299636ejy.70.2020.10.22.10.16.04;
        Thu, 22 Oct 2020 10:16:25 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2899391AbgJVNNN (ORCPT
        <rfc822;ArcheFireLinuxKernelMain@gmail.com> + 99 others);
        Thu, 22 Oct 2020 09:13:13 -0400
Received: from szxga05-in.huawei.com ([45.249.212.191]:15244 "EHLO huawei.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S2506559AbgJVNNM (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 22 Oct 2020 09:13:12 -0400
Received: from DGGEMS406-HUB.china.huawei.com (unknown [172.30.72.59])
        by Forcepoint Email with ESMTP id 41D529CF25CFDEBCDDAF;
        Thu, 22 Oct 2020 21:13:09 +0800 (CST)
Received: from [127.0.0.1] (10.174.176.238) by DGGEMS406-HUB.china.huawei.com
 (10.3.19.206) with Microsoft SMTP Server id 14.3.487.0; Thu, 22 Oct 2020
 21:13:01 +0800
To:     <miklos@szeredi.hu>
CC:     <mszeredi@redhat.com>, <linux-fsdevel@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>, linfeilong <linfeilong@huawei.com>,
        lihaotian <lihaotian9@huawei.com>
From:   Zhiqiang Liu <liuzhiqiang26@huawei.com>
Subject: [PATCH] fuse: check whether fuse_request_alloc returns NULL in
 fuse_simple_request
Message-ID: <ffefa3f4-4090-f7dd-97d4-27b8a8cb262f@huawei.com>
Date:   Thu, 22 Oct 2020 21:13:00 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.2.2
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.174.176.238]
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


In fuse_simple_request func, we will call fuse_request_alloc func to alloc
one request from fuse_req_cachep when args->force is true. However, the
return value of fuse_request_alloc func is not checked whether it is NULL.
If allocating request fails, access-NULL-pointer problem will occur.

Here, we check the return value of fuse_request_alloc func.

Fixes: 7213394c4e18 ("fuse: simplify request allocation")
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: Haotian Li <lihaotian9@huawei.com>
---
 fs/fuse/dev.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index 02b3c36b3676..f7dd33ae8e31 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -481,6 +481,8 @@ ssize_t fuse_simple_request(struct fuse_conn *fc, struct fuse_args *args)
 	if (args->force) {
 		atomic_inc(&fc->num_waiting);
 		req = fuse_request_alloc(GFP_KERNEL | __GFP_NOFAIL);
+		if (!req)
+			return -ENOMEM;

 		if (!args->nocreds)
 			fuse_force_creds(fc, req);
-- 
2.19.1