From 96d20d48a5aaa663a5c0ec35a5e4157fc9f125f5 Mon Sep 17 00:00:00 2001 From: linqiheng Date: Tue, 10 Jan 2023 07:09:43 +0000 Subject: [PATCH] hmdfs: fix nullptr dereference of share_item_timeout_wq Add check of `share_item_timeout_wq` after create_singlethread_workqueue(), to avoid nullptr dereference when destroy workqueue in hmdfs_clear_share_table(). Signed-off-by: linqiheng --- fs/hmdfs/hmdfs_share.c | 6 +++++- fs/hmdfs/hmdfs_share.h | 2 +- fs/hmdfs/main.c | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/fs/hmdfs/hmdfs_share.c b/fs/hmdfs/hmdfs_share.c index c8314a5d7fca..6b9557d02263 100644 --- a/fs/hmdfs/hmdfs_share.c +++ b/fs/hmdfs/hmdfs_share.c @@ -302,7 +302,7 @@ int hmdfs_check_share_access_permission(struct hmdfs_sb_info *sbi, } -void hmdfs_init_share_table(struct hmdfs_sb_info *sbi) +int hmdfs_init_share_table(struct hmdfs_sb_info *sbi) { spin_lock_init(&sbi->share_table.item_list_lock); INIT_LIST_HEAD(&sbi->share_table.item_list_head); @@ -310,6 +310,10 @@ void hmdfs_init_share_table(struct hmdfs_sb_info *sbi) sbi->share_table.max_cnt = HMDFS_SHARE_ITEMS_MAX; sbi->share_table.share_item_timeout_wq = create_singlethread_workqueue("share_item_timeout_wq"); + + if (!sbi->share_table.share_item_timeout_wq) + return -ENOMEM; + return 0; } void hmdfs_clear_share_table(struct hmdfs_sb_info *sbi) diff --git a/fs/hmdfs/hmdfs_share.h b/fs/hmdfs/hmdfs_share.h index eef53bf19bab..3c055805bd6d 100644 --- a/fs/hmdfs/hmdfs_share.h +++ b/fs/hmdfs/hmdfs_share.h @@ -60,7 +60,7 @@ void hmdfs_close_share_item(struct hmdfs_sb_info *sbi, struct file *file, int hmdfs_check_share_access_permission(struct hmdfs_sb_info *sbi, const char *filename, char *cid); -void hmdfs_init_share_table(struct hmdfs_sb_info *sbi); +int hmdfs_init_share_table(struct hmdfs_sb_info *sbi); void hmdfs_clear_share_table(struct hmdfs_sb_info *sbi); int hmdfs_clear_first_item(struct hmdfs_share_table *st); diff --git a/fs/hmdfs/main.c b/fs/hmdfs/main.c index d0a41061bb2f..9443abde8057 100644 --- a/fs/hmdfs/main.c +++ b/fs/hmdfs/main.c @@ -712,7 +712,9 @@ static int hmdfs_init_sbi(struct hmdfs_sb_info *sbi) mutex_init(&sbi->connections.node_lock); INIT_LIST_HEAD(&sbi->connections.node_list); - hmdfs_init_share_table(sbi); + ret = hmdfs_init_share_table(sbi); + if (ret) + goto out; init_waitqueue_head(&sbi->async_readdir_wq); INIT_LIST_HEAD(&sbi->async_readdir_msg_list); INIT_LIST_HEAD(&sbi->async_readdir_work_list); -- Gitee