scoutfs: return error from lock_name_keys

xfstests generic/028 was crashing dereferencing NULL locks.  It'd hit
either rename trying to refresh an inode with a NULL lock or lookup
trying to pass a NULL lock's end to item lookup.

The addition of the lock LRU fixed a bug in lock_name_keys() where it
wouldn't drop a lock when _cluster_lock() returned an error.  But it
always returned 0 instead of returning the error.  Returning 0 without
setting the lock caused the callers to deref their NULL locks.

We also forcefully NULL the lock at the start of the function.  It was
lucky that callers had already NULLed their locks.  If they hadn't they
would have been following random on-stack memory and it might have been
harder to debug.

Signed-off-by: Zach Brown <zab@versity.com>
Zach Brown
2017-09-10 15:05:23 -07:00
committed by Mark Fasheh
parent b1fff0997e
commit fbfbe910aa


@@ -406,6 +406,8 @@ static int lock_name_keys(struct super_block *sb, int mode, int flags,
int lkm_flags;
int ret;
*ret_lock = NULL;
if (WARN_ON_ONCE(!(flags & SCOUTFS_LKF_TRYLOCK) &&
scoutfs_trans_held()))
return -EINVAL;
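
Review bot: the out-parameter contract established by `*ret_lock = NULL;` at the top of this hunk is not documented anywhere in the visible lines. Placing it ahead of the `WARN_ON_ONCE(...)` check is right, since the `-EINVAL` early return then also leaves the caller's pointer NULL, but a comment above `lock_name_keys()` saying that `*ret_lock` is NULL on every non-zero return and only set when 0 is returned would let callers stop relying on having pre-initialised their own lock pointers, which the commit message describes as luck.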
@@ -425,9 +427,11 @@ static int lock_name_keys(struct super_block *sb, int mode, int flags,
if (ret) {
dec_lock_users(lock);
put_scoutfs_lock(sb, lock);
} else
} else {
*ret_lock = lock;
return 0;
}
return ret;
}
u64 scoutfs_lock_refresh_gen(struct scoutfs_lock *lock)
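
Review bot: with `return ret;` at the tail of this hunk, callers now see the error that the `if (ret)` branch used to hide behind a 0 return, so each caller has to check the return value before it touches its lock pointer. The commit message names rename and lookup as the paths that dereferenced a NULL lock; it would be worth stating in the description that both were checked and bail out on a non-zero return, because the error branch here has already run `dec_lock_users(lock)` and `put_scoutfs_lock(sb, lock)` and a caller that continues has nothing valid to unlock.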