pnfsblock: fix NULL pointer dereference
Peng Tao [Fri, 23 Sep 2011 01:50:16 +0000 (21:50 -0400)]
commit e6d05a757c314ad88d0649d3835a8a1daa964236 upstream.

bl_add_page_to_bio returns error pointer. bio should be reset to
NULL in failure cases as the out path always calls bl_submit_bio.

Signed-off-by: Peng Tao <peng_tao@emc.com>
Signed-off-by: Jim Rees <rees@umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

fs/nfs/blocklayout/blocklayout.c

index 7a585a6..323be71 100644 (file)
@@ -292,6 +292,7 @@ bl_read_pagelist(struct nfs_read_data *rdata)
                                                 bl_end_io_read, par);
                        if (IS_ERR(bio)) {
                                rdata->pnfs_error = PTR_ERR(bio);
+                               bio = NULL;
                                goto out;
                        }
                }
@@ -581,6 +582,7 @@ fill_invalid_ext:
                                                 bl_end_io_write_zero, par);
                        if (IS_ERR(bio)) {
                                wdata->pnfs_error = PTR_ERR(bio);
+                               bio = NULL;
                                goto out;
                        }
                        /* FIXME: This should be done in bi_end_io */
@@ -629,6 +631,7 @@ next_page:
                                         bl_end_io_write, par);
                if (IS_ERR(bio)) {
                        wdata->pnfs_error = PTR_ERR(bio);
+                       bio = NULL;
                        goto out;
                }
                isect += PAGE_CACHE_SECTORS;