From: Josh Durgin <josh.durgin@inktank.com>
Date: Thu, 29 Aug 2013 00:08:10 +0000 (-0700)
Subject: rbd: fix null dereference in dout
X-Git-Tag: firefly_0821_release~3679^2~3144
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=dd932ee7a2453d86c920d3bbd2938602c5c9aaca;p=firefly-linux-kernel-4.4.55.git

rbd: fix null dereference in dout

commit c35455791c1131e7ccbf56ea6fbdd562401c2ce2 upstream.

The order parameter is sometimes NULL in _rbd_dev_v2_snap_size(), but
the dout() always dereferences it. Move this to another dout() protected
by a check that order is non-NULL.

Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
Reviewed-by: Alex Elder <alex.elder@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index bb9948725973..1d29dab42c0a 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -3712,12 +3712,14 @@ static int _rbd_dev_v2_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
 	if (ret < sizeof (size_buf))
 		return -ERANGE;
 
-	if (order)
+	if (order) {
 		*order = size_buf.order;
+		dout("  order %u", (unsigned int)*order);
+	}
 	*snap_size = le64_to_cpu(size_buf.size);
 
-	dout("  snap_id 0x%016llx order = %u, snap_size = %llu\n",
-		(unsigned long long)snap_id, (unsigned int)*order,
+	dout("  snap_id 0x%016llx snap_size = %llu\n",
+		(unsigned long long)snap_id,
 		(unsigned long long)*snap_size);
 
 	return 0;
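Review bot: the new dout("  order %u", ...) inside the if (order) block has no trailing "\n", while the snap_id dout() right after it still ends with "\n", so the order message will run into the following debug line. Suggest dout("  order %u\n", (unsigned int)*order); to match. The NULL guard itself looks right: *order is now only read inside the if (order) branch, and the unconditional dout() no longer touches it.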