Orangefs: do not finalize bufmap if it was never initialized.

Found by the infant Orangefs fuzzer... Signed-off-by: N Martin Brandenburg <martin@omnibond.com> Signed-off-by: N Mike Marshall <hubcap@omnibond.com>

Orangefs: do not finalize bufmap if it was never initialized.
Found by the infant Orangefs fuzzer... Signed-off-by: N Martin Brandenburg <martin@omnibond.com> Signed-off-by: N Mike Marshall <hubcap@omnibond.com>
90d26aa8 · Martin Brandenburg · ce6c414e · 90d26aa8
隐藏空白更改
内联并排

Showing with 9 addition and 2 deletion

fs/orangefs/devorangefs-req.c fs/orangefs/devorangefs-req.c +9 -2

未找到文件。
--- a/fs/orangefs/devorangefs-req.c
+++ b/fs/orangefs/devorangefs-req.c
@@ -600,7 +600,8 @@ static int orangefs_devreq_release(struct inode *inode, struct file *file)
 		     __func__);

 	mutex_lock(&devreq_mutex);
-	orangefs_bufmap_finalize();
+	if (get_bufmap_init())
+		orangefs_bufmap_finalize();

 	open_access_count--;

@@ -692,7 +693,13 @@ static long dispatch_ioctl_command(unsigned int command, unsigned long arg)
 				     (struct ORANGEFS_dev_map_desc __user *)
 				     arg,
 				     sizeof(struct ORANGEFS_dev_map_desc));
-		return ret ? -EIO : orangefs_bufmap_initialize(&user_desc);
+		if (get_bufmap_init()) {
+			return -EINVAL;
+		} else {
+			return ret ?
+			       -EIO :
+			       orangefs_bufmap_initialize(&user_desc);
+		}
 	case ORANGEFS_DEV_REMOUNT_ALL:
 		gossip_debug(GOSSIP_DEV_DEBUG,
 			     "%s: got ORANGEFS_DEV_REMOUNT_ALL\n",