From: David Howells <dhowells@redhat.com>
Date: Thu, 15 Dec 2022 16:20:04 +0000 (+0000)
Subject: rxrpc: Fix NULL deref in rxrpc_unuse_local()
X-Git-Tag: v6.6.17~5865^2~10^2~6
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=eaa02390adb03b82f04babebf0cdd233793aecf5;p=platform%2Fkernel%2Flinux-rpi.git

rxrpc: Fix NULL deref in rxrpc_unuse_local()

Fix rxrpc_unuse_local() to get the debug_id *after* checking to see if
local is NULL.

Fixes: a2cf3264f331 ("rxrpc: Fold __rxrpc_unuse_local() into rxrpc_unuse_local()")
Reported-by: syzbot+3538a6a72efa8b059c38@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: syzbot+3538a6a72efa8b059c38@syzkaller.appspotmail.com
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/rxrpc/local_object.c b/net/rxrpc/local_object.c
index 4422292..24ee585 100644
--- a/net/rxrpc/local_object.c
+++ b/net/rxrpc/local_object.c
@@ -357,10 +357,11 @@ struct rxrpc_local *rxrpc_use_local(struct rxrpc_local *local,
  */
 void rxrpc_unuse_local(struct rxrpc_local *local, enum rxrpc_local_trace why)
 {
-	unsigned int debug_id = local->debug_id;
+	unsigned int debug_id;
 	int r, u;
 
 	if (local) {
+		debug_id = local->debug_id;
 		r = refcount_read(&local->ref);
 		u = atomic_dec_return(&local->active_users);
 		trace_rxrpc_local(debug_id, why, r, u);