Hi all,
while browsing http://sosdg.org/~coywolf/lxr/ for a completely unrelated
matter, I found these two potential NULL pointer dereferences in
drivers/dlm/device.c. In do_user_lock():
803 if (!li && DLM_LKF_PERSISTENT) {
804 li = allocate_lockinfo(fi, cmd, kparams);
805
806 li->li_lksb.sb_lkid = kparams->lkid;
807 li->li_castaddr = kparams->castaddr;
808 li->li_castparam = kparams->castparam;
809
810 /* OK, this isn;t exactly a FIRSTLOCK but it is the
811 first time we've used this lockinfo, and if things
812 fail we want rid of it */
813 init_MUTEX_LOCKED(&li->li_firstlock);
814 set_bit(LI_FLAG_FIRSTLOCK, &li->li_flags);
815 add_lockinfo(li);
816
817 /* TODO: do a query to get the current state ?? */
818 }
819 if (!li)
820 return -EINVAL;
Lines 806...815 are executed before the NULL check at line 819, so they need to be enclosed in if (li) {...}, or line 803 should be replaced by
if (!li && DLM_LKF_PERSISTENT &&
(li = allocate_lockinfo(fi, cmd, kparams))) {
In do_user_unlock():
915 if (!li) {
916 li = allocate_lockinfo(fi, cmd, kparams);
917 spin_lock(&fi->fi_li_lock);
918 list_add(&li->li_ownerqueue, &fi->fi_li_list);
919 spin_unlock(&fi->fi_li_lock);
920 }
921 if (!li)
922 return -ENOMEM;
The same fix applies here; alternatively, lines 921 and 922 should be moved up between lines 916 and 917 so that the NULL check happens before list_add() touches li.
(Sorry, no patch, I'm too lazy to fetch -mm...)
--
Stefan Richter
-=====-=-=-= ==-- =--=-
http://arcgraph.de/sr/