From 90d26aa80861afaee992228d8f0e57cbd06c8d87 Mon Sep 17 00:00:00 2001
From: Martin Brandenburg
Date: Mon, 14 Dec 2015 15:26:38 -0500
Subject: [PATCH] Orangefs: do not finalize bufmap if it was never initialized.

Found by the infant Orangefs fuzzer...

Signed-off-by: Martin Brandenburg
Signed-off-by: Mike Marshall
---
 fs/orangefs/devorangefs-req.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/fs/orangefs/devorangefs-req.c b/fs/orangefs/devorangefs-req.c
index dc2e2ce7e943..4d7ab7cb08f7 100644
--- a/fs/orangefs/devorangefs-req.c
+++ b/fs/orangefs/devorangefs-req.c
@@ -600,7 +600,8 @@ static int orangefs_devreq_release(struct inode *inode, struct file *file)
 __func__);
 mutex_lock(&devreq_mutex);
- orangefs_bufmap_finalize();
+ if (get_bufmap_init())
+ orangefs_bufmap_finalize();
 open_access_count--;
@@ -692,7 +693,13 @@ static long dispatch_ioctl_command(unsigned int command, unsigned long arg)
 (struct ORANGEFS_dev_map_desc __user *) arg, sizeof(struct ORANGEFS_dev_map_desc));
- return ret ? -EIO : orangefs_bufmap_initialize(&user_desc);
+ if (get_bufmap_init()) {
+ return -EINVAL;
+ } else {
+ return ret ?
+ -EIO :
+ orangefs_bufmap_initialize(&user_desc);
+ }
 case ORANGEFS_DEV_REMOUNT_ALL:
 gossip_debug(GOSSIP_DEV_DEBUG, "%s: got ORANGEFS_DEV_REMOUNT_ALL\n",
-- 
GitLab
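Review bot: The guard added in orangefs_devreq_release(), `if (get_bufmap_init())`, carries no comment explaining how release can be reached without a bufmap; that reason lives only in the commit message. I would put `/* The bufmap exists only after a successful map ioctl; an open followed directly by close must not finalize it. */` above it. get_bufmap_init() is defined outside this patch, so I am assuming it reports whether initialization completed; if the state it reads is written without devreq_mutex held, this check is only as reliable as that other path's locking. The function body starts and ends outside the hunk.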
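Review bot: In dispatch_ioctl_command() the test `get_bufmap_init()` and the call `orangefs_bufmap_initialize(&user_desc)` are separate steps with no lock taken in the visible lines, so two threads issuing the map ioctl on the same descriptor could both pass the test and both initialize. Unless the caller already serializes this path (not visible here), the already-initialized test belongs inside orangefs_bufmap_initialize(), under the lock that guards the bufmap, with that function returning the error. Separately, the `else` after `return -EINVAL;` is redundant and a failed copy_from_user is reported only on the second branch; `if (ret) return -EIO;` then `if (get_bufmap_init()) return -EINVAL;` then `return orangefs_bufmap_initialize(&user_desc);` is flatter and reports the failed copy first. The switch statement continues outside the hunk.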