From 8ed370864c4747281dab22f3fafceb5310c1cd53 Mon Sep 17 00:00:00 2001 From: Mr NeilBrown Date: Fri, 3 Sep 2021 13:22:17 +1000 Subject: [PATCH] LU-10391 lnet: Fix NULL-deref in lnet_nidstr_r() It is valid to pass NULL as the nid for lnet_nidstr_r() - it indicate "any" nid. LNET_NID_IS_ANY() tests for this and the function exits early. However, 'lnd' is assigned from "nid->nid_type" and 'nnum' from "nid->nid_num", causing a NULL-pointer dereference. So move these assignments later. Fixes: 82a17076f880 ("LU-10391 lnet: introduce struct lnet_nid") Test-Parameters: trivial Test-Parameters: serverversion=2.12 serverdistro=el7.9 testlist=runtests Test-Parameters: clientversion=2.12 testlist=runtests Signed-off-by: Mr NeilBrown Change-Id: Ie29dd4d0ef7fac0f11c1ece714278a7dd9860602 Reviewed-on: https://review.whamcloud.com/44838 Reviewed-by: Chris Horn Reviewed-by: James Simmons Reviewed-by: Serguei Smirnov Tested-by: jenkins Tested-by: Maloo Reviewed-by: Oleg Drokin --- lnet/lnet/nidstrings.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lnet/lnet/nidstrings.c b/lnet/lnet/nidstrings.c index eb341d4..d732684 100644 --- a/lnet/lnet/nidstrings.c +++ b/lnet/lnet/nidstrings.c @@ -973,8 +973,8 @@ EXPORT_SYMBOL(libcfs_nid2str_r); char * libcfs_nidstr_r(const struct lnet_nid *nid, char *buf, size_t buf_size) { - __u32 nnum = be16_to_cpu(nid->nid_num); - __u32 lnd = nid->nid_type; + __u32 nnum; + __u32 lnd; struct netstrfns *nf; if (LNET_NID_IS_ANY(nid)) { @@ -983,6 +983,8 @@ libcfs_nidstr_r(const struct lnet_nid *nid, char *buf, size_t buf_size) return buf; } + nnum = be16_to_cpu(nid->nid_num); + lnd = nid->nid_type; nf = libcfs_lnd2netstrfns(lnd); if (nf) { size_t addr_len; -- 1.8.3.1