coda: avoid NULL pointer dereference from a bad inode

Patch series "Coda updates for -next".

The following patch series contains some fixes for the Coda kernel module
I've had sitting around and were tested extensively in a development
version of the Coda kernel module that lives outside of the main kernel.

This patch (of 9):

Avoid accessing coda_inode_info from a dentry with a bad inode.

Link: https://lkml.kernel.org/r/20210908140308.18491-1-jaharkes@cs.cmu.edu
Link: https://lkml.kernel.org/r/20210908140308.18491-2-jaharkes@cs.cmu.edu
Signed-off-by: Jan Harkes <jaharkes@cs.cmu.edu>
Cc: Alex Shi <alex.shi@linux.alibaba.com>
Cc: Jing Yangyang <jing.yangyang@zte.com.cn>
Cc: Xin Tan <tanxin.ctf@gmail.com>
Cc: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Cc: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/fs/coda/dir.c b/fs/coda/dir.c
index d69989c..3fd0850 100644 (file)
--- a/fs/coda/dir.c
+++ b/fs/coda/dir.c
@@ -499,15 +499,20 @@ out:
  */
 static int coda_dentry_delete(const struct dentry * dentry)
 {
-       int flags;
+       struct inode *inode;
+       struct coda_inode_info *cii;
 
        if (d_really_is_negative(dentry)) 
                return 0;
 
-       flags = (ITOC(d_inode(dentry))->c_flags) & C_PURGE;
-       if (is_bad_inode(d_inode(dentry)) || flags) {
+       inode = d_inode(dentry);
+       if (!inode || is_bad_inode(inode))
                return 1;
-       }
+
+       cii = ITOC(inode);
+       if (cii->c_flags & C_PURGE)
+               return 1;
+
        return 0;
 }