From 2be85b2b93dc2e1c8a8fa809a821ea5cfa36ac39 Mon Sep 17 00:00:00 2001
From: Bobi Jam <bobijam.xu@intel.com>
Date: Sun, 9 Apr 2017 17:12:19 +0800
Subject: [PATCH] LU-9307 lov: NULL pointer deref in lov_delete_composite

When lov_init_composite() cannot allocate memory and bails out,
lov_delete_composite() is then called, and it should check the
composite entry's existence before trying to delete each component.

Signed-off-by: Bobi Jam <bobijam.xu@intel.com>
Change-Id: I013c596a19a114b763f3eebbaafa1559fa09d8d9
Reviewed-on: https://review.whamcloud.com/26456
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Niu Yawei <yawei.niu@intel.com>
Reviewed-by: Jinshan Xiong <jinshan.xiong@intel.com>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
---
 lustre/lov/lov_object.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lustre/lov/lov_object.c b/lustre/lov/lov_object.c
index 1d6c8d5..bb974e9 100644
--- a/lustre/lov/lov_object.c
+++ b/lustre/lov/lov_object.c
@@ -461,14 +461,16 @@ static int lov_delete_composite(const struct lu_env *env,
 				union lov_layout_state *state)
 {
 	struct lov_layout_entry *entry;
+	struct lov_layout_composite *comp = &state->composite;
 
 	ENTRY;
 
 	dump_lsm(D_INODE, lov->lo_lsm);
 
 	lov_layout_wait(env, lov);
-	lov_foreach_layout_entry(lov, entry)
-		lov_delete_raid0(env, lov, &entry->lle_raid0);
+	if (comp->lo_entries)
+		lov_foreach_layout_entry(lov, entry)
+			lov_delete_raid0(env, lov, &entry->lle_raid0);
 
 	RETURN(0);
 }
-- 
1.8.3.1