[lustre-devel] [PATCH 27/50] lnet: Fix NULL-deref in lnet_nidstr_r()

James Simmons jsimmons at infradead.org
Sun Mar 20 06:30:41 PDT 2022

From: Mr NeilBrown <neilb at suse.de>

It is valid to pass NULL as the nid for lnet_nidstr_r() - it indicate
"any" nid.  LNET_NID_IS_ANY() tests for this and the function exits

However, 'lnd' is assigned from "nid->nid_type" and 'nnum' from
"nid->nid_num", causing a NULL-pointer dereference.

So move these assignments later.

Fixes: a2cfedead042 ("lnet: introduce struct lnet_nid")
WC-bug-id: https://jira.whamcloud.com/browse/LU-10391
Lustre-commit: 8ed370864c4747281 ("LU-10391 lnet: Fix NULL-deref in lnet_nidstr_r()")
Signed-off-by: Mr NeilBrown <neilb at suse.de>
Reviewed-on: https://review.whamcloud.com/44838
Reviewed-by: Chris Horn <chris.horn at hpe.com>
Reviewed-by: James Simmons <jsimmons at infradead.org>
Reviewed-by: Serguei Smirnov <ssmirnov at whamcloud.com>
Reviewed-by: Oleg Drokin <green at whamcloud.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
 net/lnet/lnet/nidstrings.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/lnet/lnet/nidstrings.c b/net/lnet/lnet/nidstrings.c
index dfd6744..3523b78 100644
--- a/net/lnet/lnet/nidstrings.c
+++ b/net/lnet/lnet/nidstrings.c
@@ -967,8 +967,8 @@ int cfs_print_nidlist(char *buffer, int count, struct list_head *nidlist)
 char *
 libcfs_nidstr_r(const struct lnet_nid *nid, char *buf, size_t buf_size)
-	u32 nnum = be16_to_cpu(nid->nid_num);
-	u32 lnd  = nid->nid_type;
+	u32 nnum;
+	u32 lnd;
 	struct netstrfns *nf;
 	if (LNET_NID_IS_ANY(nid)) {
@@ -977,6 +977,8 @@ int cfs_print_nidlist(char *buffer, int count, struct list_head *nidlist)
 		return buf;
+	nnum = be16_to_cpu(nid->nid_num);
+	lnd = nid->nid_type;
 	nf = libcfs_lnd2netstrfns(lnd);
 	if (nf) {
 		size_t addr_len;

More information about the lustre-devel mailing list