virtiofsd: Remove useless code about send_notify_iov
The 'ch' will be NULL in the following stack: send_notify_iov()->fuse_send_msg()->virtio_send_msg(), and this may lead to NULL pointer dereferenced in virtio_send_msg(). But send_notify_iov() was never called, so remove the useless code about send_notify_iov() to fix this problem. Signed-off-by: Alex Chen <alex.chen@huawei.com> Message-Id: <20201214121615.29967-1-alex.chen@huawei.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
This commit is contained in:
		
							parent
							
								
									d6211148f6
								
							
						
					
					
						commit
						03350a1e8d
					
				| @ -2143,104 +2143,6 @@ static void do_destroy(fuse_req_t req, fuse_ino_t nodeid, | |||||||
|     send_reply_ok(req, NULL, 0); |     send_reply_ok(req, NULL, 0); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static int send_notify_iov(struct fuse_session *se, int notify_code, |  | ||||||
|                            struct iovec *iov, int count) |  | ||||||
| { |  | ||||||
|     struct fuse_out_header out = { |  | ||||||
|         .error = notify_code, |  | ||||||
|     }; |  | ||||||
| 
 |  | ||||||
|     if (!se->got_init) { |  | ||||||
|         return -ENOTCONN; |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     iov[0].iov_base = &out; |  | ||||||
|     iov[0].iov_len = sizeof(struct fuse_out_header); |  | ||||||
| 
 |  | ||||||
|     return fuse_send_msg(se, NULL, iov, count); |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| int fuse_lowlevel_notify_poll(struct fuse_pollhandle *ph) |  | ||||||
| { |  | ||||||
|     if (ph != NULL) { |  | ||||||
|         struct fuse_notify_poll_wakeup_out outarg = { |  | ||||||
|             .kh = ph->kh, |  | ||||||
|         }; |  | ||||||
|         struct iovec iov[2]; |  | ||||||
| 
 |  | ||||||
|         iov[1].iov_base = &outarg; |  | ||||||
|         iov[1].iov_len = sizeof(outarg); |  | ||||||
| 
 |  | ||||||
|         return send_notify_iov(ph->se, FUSE_NOTIFY_POLL, iov, 2); |  | ||||||
|     } else { |  | ||||||
|         return 0; |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| int fuse_lowlevel_notify_inval_inode(struct fuse_session *se, fuse_ino_t ino, |  | ||||||
|                                      off_t off, off_t len) |  | ||||||
| { |  | ||||||
|     struct fuse_notify_inval_inode_out outarg = { |  | ||||||
|         .ino = ino, |  | ||||||
|         .off = off, |  | ||||||
|         .len = len, |  | ||||||
|     }; |  | ||||||
|     struct iovec iov[2]; |  | ||||||
| 
 |  | ||||||
|     if (!se) { |  | ||||||
|         return -EINVAL; |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     iov[1].iov_base = &outarg; |  | ||||||
|     iov[1].iov_len = sizeof(outarg); |  | ||||||
| 
 |  | ||||||
|     return send_notify_iov(se, FUSE_NOTIFY_INVAL_INODE, iov, 2); |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| int fuse_lowlevel_notify_inval_entry(struct fuse_session *se, fuse_ino_t parent, |  | ||||||
|                                      const char *name, size_t namelen) |  | ||||||
| { |  | ||||||
|     struct fuse_notify_inval_entry_out outarg = { |  | ||||||
|         .parent = parent, |  | ||||||
|         .namelen = namelen, |  | ||||||
|     }; |  | ||||||
|     struct iovec iov[3]; |  | ||||||
| 
 |  | ||||||
|     if (!se) { |  | ||||||
|         return -EINVAL; |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     iov[1].iov_base = &outarg; |  | ||||||
|     iov[1].iov_len = sizeof(outarg); |  | ||||||
|     iov[2].iov_base = (void *)name; |  | ||||||
|     iov[2].iov_len = namelen + 1; |  | ||||||
| 
 |  | ||||||
|     return send_notify_iov(se, FUSE_NOTIFY_INVAL_ENTRY, iov, 3); |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| int fuse_lowlevel_notify_delete(struct fuse_session *se, fuse_ino_t parent, |  | ||||||
|                                 fuse_ino_t child, const char *name, |  | ||||||
|                                 size_t namelen) |  | ||||||
| { |  | ||||||
|     struct fuse_notify_delete_out outarg = { |  | ||||||
|         .parent = parent, |  | ||||||
|         .child = child, |  | ||||||
|         .namelen = namelen, |  | ||||||
|     }; |  | ||||||
|     struct iovec iov[3]; |  | ||||||
| 
 |  | ||||||
|     if (!se) { |  | ||||||
|         return -EINVAL; |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     iov[1].iov_base = &outarg; |  | ||||||
|     iov[1].iov_len = sizeof(outarg); |  | ||||||
|     iov[2].iov_base = (void *)name; |  | ||||||
|     iov[2].iov_len = namelen + 1; |  | ||||||
| 
 |  | ||||||
|     return send_notify_iov(se, FUSE_NOTIFY_DELETE, iov, 3); |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| int fuse_lowlevel_notify_store(struct fuse_session *se, fuse_ino_t ino, | int fuse_lowlevel_notify_store(struct fuse_session *se, fuse_ino_t ino, | ||||||
|                                off_t offset, struct fuse_bufvec *bufv) |                                off_t offset, struct fuse_bufvec *bufv) | ||||||
| { | { | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 Alex Chen
						Alex Chen