From 3c92a0bf4d72737035a16c4fe357ccd439c9b7d2 Mon Sep 17 00:00:00 2001 From: Amir Shehata Date: Tue, 3 Dec 2013 21:58:47 +0800 Subject: [PATCH] staging/lustre/ptlrpc: Fix a crash when dereferencing NULL pointer When a system runs out of memory and the function ptlrpc_register_bulk() is called from ptl_send_rpc() the call to LNetMEAttach() fails due to failure to allocate memory. This forces the code into an error path, which most probably previously went untested. The error path: if (rc != 0) { CERROR("%s: LNetMEAttach failed x"LPU64"/%d: rc = %dn", desc->bd_export->exp_obd->obd_name, xid, posted_md, rc); break; } This print assumes that desc->bd_export is not NULL. However, it is. In fact it is expected to be NULL. desc->bd_import is the correct structure to access in this case. Lustre-change: http://review.whamcloud.com/7121 Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-3585 Cc: stable # 3.12 Signed-off-by: Amir Shehata Reviewed-by: Liang Zhen Reviewed-by: Doug Oucharek Reviewed-by: Oleg Drokin Signed-off-by: Peng Tao Signed-off-by: Andreas Dilger Signed-off-by: Greg Kroah-Hartman
---
 drivers/staging/lustre/lustre/ptlrpc/niobuf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/lustre/lustre/ptlrpc/niobuf.c b/drivers/staging/lustre/lustre/ptlrpc/niobuf.c
index 5f2aa7aa17ea..3c6bf23415f9 100644
--- a/drivers/staging/lustre/lustre/ptlrpc/niobuf.c
+++ b/drivers/staging/lustre/lustre/ptlrpc/niobuf.c
@@ -180,7 +180,7 @@ int ptlrpc_register_bulk(struct ptlrpc_request *req)
 LNET_UNLINK, LNET_INS_AFTER, &me_h);
 if (rc != 0) {
 CERROR("%s: LNetMEAttach failed x"LPU64"/%d: rc = %d\n",
- desc->bd_export->exp_obd->obd_name, xid,
+ desc->bd_import->imp_obd->obd_name, xid,
 posted_md, rc);
 break;
 }
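Review bot: The corrected expression `desc->bd_import->imp_obd->obd_name` is still written out three times (this CERROR, the CERROR in the LNetMDAttach hunk and the CWARN in the last hunk), and nothing visible in the hunks checks or documents that `bd_import` is non-NULL on this path. Because the crash being fixed came from the same unchecked assumption about `bd_export`, I would read the name once near the top of the function, `const char *obd_name = desc->bd_import->imp_obd->obd_name;`, and use `obd_name` in all three calls. A comment beside it such as `/* bulk registration runs on the client side: bd_export is NULL, only bd_import is set */` would keep the next log statement from picking the wrong field. The body of ptlrpc_register_bulk() starts and ends outside the hunks, so an existing assertion on `bd_import` may already cover this; if there is none, this is the place to add it.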
@@ -190,7 +190,7 @@ int ptlrpc_register_bulk(struct ptlrpc_request *req)
 &desc->bd_mds[posted_md]);
 if (rc != 0) {
 CERROR("%s: LNetMDAttach failed x"LPU64"/%d: rc = %d\n",
- desc->bd_export->exp_obd->obd_name, xid,
+ desc->bd_import->imp_obd->obd_name, xid,
 posted_md, rc);
 rc2 = LNetMEUnlink(me_h);
 LASSERT(rc2 == 0);
@@ -220,7 +220,7 @@ int ptlrpc_register_bulk(struct ptlrpc_request *req)
 /* Holler if peer manages to touch buffers before he knows the xid */
 if (desc->bd_md_count != total_md)
 CWARN("%s: Peer %s touched %d buffers while I registered\n",
- desc->bd_export->exp_obd->obd_name, libcfs_id2str(peer),
+ desc->bd_import->imp_obd->obd_name, libcfs_id2str(peer),
 total_md - desc->bd_md_count);
 spin_unlock(&desc->bd_lock);
-- 
2.34.1