From a28ae45d7709c89ae86af8de357842a454361a39 Mon Sep 17 00:00:00 2001
From: Timothy Day <timday@amazon.com>
Date: Sat, 29 Jul 2023 19:58:47 +0000
Subject: [PATCH] LU-17000 lnet: fix use-after-free in lnet_startup_lndnet

If the lnd_startup function returns a positive
error code, the ni will get freed. But the code
incorrectly checks only for negative error codes,
leading to a potential use-after-free.

Addresses-Coverity-ID: 397786 ("Use after free")

Test-Parameters: trivial
Signed-off-by: Timothy Day <timday@amazon.com>
Change-Id: I36dd4dbfc0b409de010257e5d9ae9d983fd1817f
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/51806
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Chris Horn <chris.horn@hpe.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---
 lnet/lnet/api-ni.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lnet/lnet/api-ni.c b/lnet/lnet/api-ni.c
index 95dfbf7..8251b81 100644
--- a/lnet/lnet/api-ni.c
+++ b/lnet/lnet/api-ni.c
@@ -2717,7 +2717,7 @@ lnet_startup_lndnet(struct lnet_net *net, struct lnet_lnd_tunables *tun)
 
 		rc = lnet_startup_lndni(ni, tun);
 
-		if (rc < 0)
+		if (rc != 0)
 			goto failed1;
 
 		lnet_ni_addref(ni);
-- 
1.8.3.1