5.15-stable review patch. If anyone has any objections, please let me know. ------------------ From: Namjae Jeon <linkinjeon@xxxxxxxxxx> [ Upstream commit 73f949ea87c7d697210653501ca21efe57295327 ] If ->iov_idx is zero, This means that the iov vector for the response was not added during the request process. In other words, it means that there is a problem in generating a response, So this patch return as an error to avoid NULL pointer dereferencing problem. Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx> Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/ksmbd/connection.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -197,6 +197,9 @@ int ksmbd_conn_write(struct ksmbd_work * if (work->send_no_response) return 0; + if (!work->iov_idx) + return -EINVAL; + ksmbd_conn_lock(conn); sent = conn->transport->ops->writev(conn->transport, work->iov, work->iov_cnt,
