The cifs_get_tcon_super() function returns NULL on error but the caller
expect it to return error pointers instead. Change it to return error
pointers. Otherwise it results in a NULL pointer dereference.
Fixes: 0938b093b1ae ("smb: client: Fix mount deadlock by avoiding super block iteration in DFS reconnect")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Hi Dan,
Thank you for your patch and for taking the time to address this issue.
I would like to mention that I have recently sent out the V4 version of
the patch series, which addresses the issues related to `cifs_get_tcon_super()`.
In the latest version, the issue of NULL pointer dereference has already
been resolved.
https://lore.kernel.org/all/CAH2r5msLMNdqdo6EBuTvrQ0hwrqSRC-LSZuN2WpwV+PkDwsCOw@xxxxxxxxxxxxxx/
I avoid null pointer dereferencing by performing a null pointer check on
the return value of cifs_get_dfs_tcon_super().
---
fs/smb/client/misc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/smb/client/misc.c b/fs/smb/client/misc.c
index 3b6920a52daa..d73c36862e97 100644
--- a/fs/smb/client/misc.c
+++ b/fs/smb/client/misc.c
@@ -1116,7 +1116,7 @@ static struct super_block *cifs_get_tcon_super(struct cifs_tcon *tcon)
struct cifs_sb_info *cifs_sb;
if (!tcon)
- return NULL;
+ return ERR_PTR(-EINVAL);
spin_lock(&tcon->sb_list_lock);
list_for_each_entry(cifs_sb, &tcon->cifs_sb_list, tcon_sb_link) {
@@ -1141,7 +1141,7 @@ static struct super_block *cifs_get_tcon_super(struct cifs_tcon *tcon)
}
spin_unlock(&tcon->sb_list_lock);
- return NULL;
+ return ERR_PTR(-ENOENT);
}
struct super_block *cifs_get_dfs_tcon_super(struct cifs_tcon *tcon)
Additionally, I think it somewhat peculiar that in the current
implementation, cifs_get_tcon_super() returns -EINVAL.
I would greatly appreciate it if you could review my latest patch series to
confirm if it resolves the concerns. If there are any additional improvements, I
would be happy to collaborate further to ensure the best possible solution.
Best regards,
Wang Zhaolong
