ceph: fix dereference of null pointer cf

Colin Ian King · idryomov · commit 05a444d3f90a · 2021-09-03T10:55:51.000+02:00
Currently in the case where kmem_cache_alloc fails the null pointer cf is dereferenced when assigning cf->is_capsnap = false. Fix this by adding a null pointer check and return path. Cc: stable@vger.kernel.org Addresses-Coverity: ("Dereference null return") Fixes: b2f9fa1 ("ceph: correctly handle releasing an embedded cap flush") Signed-off-by: Colin Ian King <colin.king@canonical.com> Reviewed-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
@@ -1736,6 +1736,9 @@ struct ceph_cap_flush *ceph_alloc_cap_flush(void)
 	struct ceph_cap_flush *cf;
 
 	cf = kmem_cache_alloc(ceph_cap_flush_cachep, GFP_KERNEL);
+	if (!cf)
+		return NULL;
+
 	cf->is_capsnap = false;
 	return cf;
 }

Original file line number	Diff line number	Diff line change
`@@ -1736,6 +1736,9 @@ struct ceph_cap_flush *ceph_alloc_cap_flush(void)`
`1736`	`1736`	`struct ceph_cap_flush *cf;`
`1737`	`1737`
`1738`	`1738`	`cf = kmem_cache_alloc(ceph_cap_flush_cachep, GFP_KERNEL);`
	`1739`	`+ if (!cf)`
	`1740`	`+ return NULL;`
	`1741`	`+`
`1739`	`1742`	`cf->is_capsnap = false;`
`1740`	`1743`	`return cf;`
`1741`	`1744`	`}`