pnfsblock: fix NULL pointer dereference

bl_add_page_to_bio returns error pointer. bio should be reset to
NULL in failure cases as the out path always calls bl_submit_bio.

Signed-off-by: Peng Tao <peng_tao@emc.com>
Signed-off-by: Jim Rees <rees@umich.edu>
Cc: stable@kernel.org [3.0]
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

diff --git a/fs/nfs/blocklayout/blocklayout.c b/fs/nfs/blocklayout/blocklayout.c
index 2167ba2..4ddbfbf 100644 (file)
--- a/fs/nfs/blocklayout/blocklayout.c
+++ b/fs/nfs/blocklayout/blocklayout.c
@@ -292,6 +292,7 @@ bl_read_pagelist(struct nfs_read_data *rdata)
                                                 bl_end_io_read, par);
                        if (IS_ERR(bio)) {
                                rdata->pnfs_error = PTR_ERR(bio);
+                               bio = NULL;
                                goto out;
                        }
                }
@@ -581,6 +582,7 @@ fill_invalid_ext:
                                                 bl_end_io_write_zero, par);
                        if (IS_ERR(bio)) {
                                wdata->pnfs_error = PTR_ERR(bio);
+                               bio = NULL;
                                goto out;
                        }
                        /* FIXME: This should be done in bi_end_io */
@@ -629,6 +631,7 @@ next_page:
                                         bl_end_io_write, par);
                if (IS_ERR(bio)) {
                        wdata->pnfs_error = PTR_ERR(bio);
+                       bio = NULL;
                        goto out;
                }
                isect += PAGE_CACHE_SECTORS;