To: CC: , , , linfeilong , lihaotian 
From: Zhiqiang Liu
Subject: [PATCH] fuse: check whether fuse_request_alloc returns NULL in fuse_simple_request
Date: Thu, 22 Oct 2020 21:13:00 +0800
X-Mailing-List: linux-kernel@vger.kernel.org

In fuse_simple_request func, we will call fuse_request_alloc func to alloc one request from fuse_req_cachep when args->force is true. However, the return value of fuse_request_alloc func is not checked whether it is NULL. If allocating request fails, access-NULL-pointer problem will occur. Here, we check the return value of fuse_request_alloc func.

Fixes: 7213394c4e18 ("fuse: simplify request allocation")
Signed-off-by: Zhiqiang Liu
Signed-off-by: Haotian Li
--- fs/fuse/dev.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index 02b3c36b3676..f7dd33ae8e31 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -481,6 +481,8 @@ ssize_t fuse_simple_request(struct fuse_conn *fc, struct fuse_args *args) if (args->force) { atomic_inc(&fc->num_waiting); req = fuse_request_alloc(GFP_KERNEL | __GFP_NOFAIL); + if (!req) + return -ENOMEM; if (!args->nocreds) fuse_force_creds(fc, req); -- 2.19.1
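Review bot: The new `if (!req) return -ENOMEM;` in the `args->force` branch of fuse_simple_request() checks an allocation made with `GFP_KERNEL | __GFP_NOFAIL` on the line directly above it, and `__GFP_NOFAIL` tells the allocator to keep retrying rather than return failure, so the check looks like dead code. If it could be reached, the early return would also be wrong as written: it comes after `atomic_inc(&fc->num_waiting)` with no matching decrement in the hunk, so the waiting count would stay raised on the error path. Please either drop the check, or name in the commit message the case in which fuse_request_alloc() returns NULL despite `__GFP_NOFAIL` and undo the num_waiting increment before returning.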