From patchwork Thu Dec 15 16:20:04 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Howells <dhowells@redhat.com>
X-Patchwork-Id: 33702
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:e747:0:0:0:0:0 with SMTP id c7csp459780wrn;
        Thu, 15 Dec 2022 08:25:16 -0800 (PST)
X-Google-Smtp-Source: 
 AA0mqf5mrCbePDr4YpJOSXgfavNg21YOY+QuhPFXGQw5ScknPLViwdCGFO0lawvLKiOoIr/IEDFd
X-Received: by 2002:a05:6a20:93a3:b0:ad:a277:e57f with SMTP id
 x35-20020a056a2093a300b000ada277e57fmr20316399pzh.34.1671121515938;
        Thu, 15 Dec 2022 08:25:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1671121515; cv=none;
        d=google.com; s=arc-20160816;
        b=FXhUy/Err3zJxK4rQ60OL+Y82uITLZ4JIqxshtbZrcQukNqv00nboyq0AeFhprbwTy
         xoTi0NrPx9o024ExX1F2eBBiwwX5P5W2x1Q31wOg5kcyYlt8Tn2wJIYuBarHTB+s3xQd
         PtH4JiBcMhQ7dhDEvCXf+4TgmKOttK+4W5/g+U6QPvtX/XhTV4AyfthgbsP9ARn0hXd5
         qMxXhMjTLzAeMDx3mSo8W5r4OOvjBNYTfAcBWolXeCOs0Q2uCmImNOhYKi2uq71ZVPI9
         SZtRAMdCXFQ8Y8EP8NkJpyg9DGZZfU5eBIHRRh3PsdTAQY8z1Fecwg3+1zyfD9lNeFFN
         EXtA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:cc:to:from
         :subject:organization:dkim-signature;
        bh=zoj83DN64Ehz4LavQQ0Tm2bmeHjk0PoDaKJLK2+UpVE=;
        b=ZS97HX4YrRQr7sGfITe0U1UGCoccNottSWFoZ1Tm20NbeGk4tLiyO8qzhN//daY3eu
         D5Dzfg1+Iub+x4eLEpMq9XD6LqBC0KlI+lJGhcOEqqRzHIx7nfohekXmmjWqM1YDLScJ
         ipAdn/HhGJhBSmr57NkCPaLX0p1Ik4mQZwjQu83hrBmOboBtv0pioqkxz0l85Lu2OWP+
         ZdQ4gO6uzFUAp57DzvlVY5CPjAnoTqG09/hQmnTIF2BQtKDW/LWadie+FGLXzhz1gv1W
         8psjj82JIen8OYm82z6UI3jg7wbtYcayFG9JhCIlFgct/1u4HpQax4p0U8/cNWfQhF4f
         tEig==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=QxEg1mNt;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 t3-20020a056a00138300b00540d97d4509si3455050pfg.58.2022.12.15.08.25.02;
        Thu, 15 Dec 2022 08:25:15 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=QxEg1mNt;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230166AbiLOQVm (ORCPT <rfc822;jeantsuru.cumc.mandola@gmail.com>
        + 99 others); Thu, 15 Dec 2022 11:21:42 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48414 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229825AbiLOQVQ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 15 Dec 2022 11:21:16 -0500
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8AC9B33C20
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Dec 2022 08:20:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1671121228;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=zoj83DN64Ehz4LavQQ0Tm2bmeHjk0PoDaKJLK2+UpVE=;
        b=QxEg1mNt6MM5wy9czid/OqR1m7BpVK6QD09/H37jxEJIVxY/7FSkhRg+GQRHI04kiXlqxm
        kL0/F31tce7QRA14/xFovwUiviaSWke7gIDIUbvdoXkf8ybwq0fCsrlc3n8jKSGGjRTjfd
        RBq/wPJPQI7HQMMpCgij5HnzNQsvO8Y=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-610-V9UT019RMKirgO4WV_JlNA-1; Thu, 15 Dec 2022 11:20:08 -0500
X-MC-Unique: V9UT019RMKirgO4WV_JlNA-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com
 [10.11.54.7])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DBD2D3C10234;
        Thu, 15 Dec 2022 16:20:07 +0000 (UTC)
Received: from warthog.procyon.org.uk (unknown [10.33.36.96])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 2B6B214171C0;
        Thu, 15 Dec 2022 16:20:07 +0000 (UTC)
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley
        Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United
        Kingdom.
        Registered in England and Wales under Company Registration No. 3798903
Subject: [PATCH net 3/9] rxrpc: Fix NULL deref in rxrpc_unuse_local()
From: David Howells <dhowells@redhat.com>
To: netdev@vger.kernel.org
Cc: syzbot+3538a6a72efa8b059c38@syzkaller.appspotmail.com,
        syzbot+3538a6a72efa8b059c38@syzkaller.appspotmail.com,
        Marc Dionne <marc.dionne@auristor.com>,
        linux-afs@lists.infradead.org, dhowells@redhat.com,
        linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org
Date: Thu, 15 Dec 2022 16:20:04 +0000
Message-ID: 
 <167112120461.152641.4382655800014753084.stgit@warthog.procyon.org.uk>
In-Reply-To: 
 <167112117887.152641.6194213035340041732.stgit@warthog.procyon.org.uk>
References: 
 <167112117887.152641.6194213035340041732.stgit@warthog.procyon.org.uk>
User-Agent: StGit/1.5
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1752297914779818153?=
X-GMAIL-MSGID: =?utf-8?q?1752297914779818153?=

Fix rxrpc_unuse_local() to get the debug_id *after* checking to see if
local is NULL.

Fixes: a2cf3264f331 ("rxrpc: Fold __rxrpc_unuse_local() into rxrpc_unuse_local()")
Reported-by: syzbot+3538a6a72efa8b059c38@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: syzbot+3538a6a72efa8b059c38@syzkaller.appspotmail.com
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
---

 net/rxrpc/local_object.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/rxrpc/local_object.c b/net/rxrpc/local_object.c
index 44222923c0d1..24ee585d9aaf 100644
--- a/net/rxrpc/local_object.c
+++ b/net/rxrpc/local_object.c
@@ -357,10 +357,11 @@ struct rxrpc_local *rxrpc_use_local(struct rxrpc_local *local,
  */
 void rxrpc_unuse_local(struct rxrpc_local *local, enum rxrpc_local_trace why)
 {
-	unsigned int debug_id = local->debug_id;
+	unsigned int debug_id;
 	int r, u;
 
 	if (local) {
+		debug_id = local->debug_id;
 		r = refcount_read(&local->ref);
 		u = atomic_dec_return(&local->active_users);
 		trace_rxrpc_local(debug_id, why, r, u);