[PATCH] afs: Fix potential null pointer dereference in afs_put_server
Jeffrey E Altman
jaltman at auristor.com
Tue Sep 23 13:49:40 PDT 2025
On 9/23/2025 3:51 AM, Zhen Ni wrote:
> afs_put_server() accessed server->debug_id before the NULL check, which
> could lead to a null pointer dereference. Move the debug_id assignment,
> ensuring we never dereference a NULL server pointer.
>
> Fixes: 2757a4dc1849 ("afs: Fix access after dec in put functions")
> Cc: stable at vger.kernel.org
> Signed-off-by: Zhen Ni <zhen.ni at easystack.cn>
> ---
> fs/afs/server.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/afs/server.c b/fs/afs/server.c
> index a97562f831eb..c4428ebddb1d 100644
> --- a/fs/afs/server.c
> +++ b/fs/afs/server.c
> @@ -331,13 +331,14 @@ struct afs_server *afs_use_server(struct afs_server *server, bool activate,
> void afs_put_server(struct afs_net *net, struct afs_server *server,
> enum afs_server_trace reason)
> {
> - unsigned int a, debug_id = server->debug_id;
> + unsigned int a, debug_id;
> bool zero;
> int r;
>
> if (!server)
> return;
>
> + debug_id = server->debug_id;
> a = atomic_read(&server->active);
> zero = __refcount_dec_and_test(&server->ref, &r);
> trace_afs_server(debug_id, r - 1, a, reason);
Looks good.
Reviewed-by: Jeffrey Altman <jaltman at auristor.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4467 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.infradead.org/pipermail/linux-afs/attachments/20250923/d7b646da/attachment.p7s>
More information about the linux-afs
mailing list