From: Greg Farnum <greg@inktank.com>
Date: Thu, 9 Oct 2014 22:12:19 +0000 (-0700)
Subject: mds: Locker: fix a NULL deref in _update_cap_fields
X-Git-Tag: v0.87~27^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F2679%2Fhead;p=ceph.git

mds: Locker: fix a NULL deref in _update_cap_fields

The MClientCaps* is allowed to be NULL, so we can't deref it unless
the dirty param is non-zero. So don't do the ahead-of-time lookup;
just call it explicitly in the if block.

Signed-off-by: Greg Farnum <greg@inktank.com>
---

diff --git a/src/mds/Locker.cc b/src/mds/Locker.cc
index ba92196583a6..ade8e49eabcf 100644
--- a/src/mds/Locker.cc
+++ b/src/mds/Locker.cc
@@ -2784,6 +2784,9 @@ static uint64_t calc_bounding(uint64_t t)
   return t + 1;
 }
 
+/**
+ * m and ack might be NULL, so don't dereference them unless dirty != 0
+ */
 void Locker::_do_snap_update(CInode *in, snapid_t snap, int dirty, snapid_t follows, client_t client, MClientCaps *m, MClientCaps *ack)
 {
   dout(10) << "_do_snap_update dirty " << ccap_string(dirty)
@@ -2862,15 +2865,17 @@ void Locker::_do_snap_update(CInode *in, snapid_t snap, int dirty, snapid_t foll
 								 ack));
 }
 
-
+/**
+ * m might be NULL, so don't dereference it unless dirty != 0.
+ */
 void Locker::_update_cap_fields(CInode *in, int dirty, MClientCaps *m, inode_t *pi)
 {
 
   utime_t ctime = m->get_ctime();
-  if (dirty && ctime > pi->ctime) {
-    dout(7) << "  ctime " << pi->ctime << " -> " << ctime
+  if (dirty && m->get_ctime() > pi->ctime) {
+    dout(7) << "  ctime " << pi->ctime << " -> " << m->get_ctime()
 	    << " for " << *in << dendl;
-    pi->ctime = ctime;
+    pi->ctime = m->get_ctime();
   }
 
   // file