From 03350a1e8d88196eaa98d0cce4e24e730f09ad5b Mon Sep 17 00:00:00 2001 From: Alex Chen Date: Mon, 14 Dec 2020 12:16:15 +0000 Subject: [PATCH] virtiofsd: Remove useless code about send_notify_iov The 'ch' will be NULL in the following stack: send_notify_iov()->fuse_send_msg()->virtio_send_msg(), and this may lead to NULL pointer dereferenced in virtio_send_msg(). But send_notify_iov() was never called, so remove the useless code about send_notify_iov() to fix this problem. Signed-off-by: Alex Chen Message-Id: <20201214121615.29967-1-alex.chen@huawei.com> Reviewed-by: Stefan Hajnoczi Signed-off-by: Dr. David Alan Gilbert --- tools/virtiofsd/fuse_lowlevel.c | 98 ----------------------------------------- 1 file changed, 98 deletions(-) diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c index d4119e92ab..e94b71110b 100644 --- a/tools/virtiofsd/fuse_lowlevel.c +++ b/tools/virtiofsd/fuse_lowlevel.c @@ -2143,104 +2143,6 @@ static void do_destroy(fuse_req_t req, fuse_ino_t nodeid, send_reply_ok(req, NULL, 0); } -static int send_notify_iov(struct fuse_session *se, int notify_code, - struct iovec *iov, int count) -{ - struct fuse_out_header out = { - .error = notify_code, - }; - - if (!se->got_init) { - return -ENOTCONN; - } - - iov[0].iov_base = &out; - iov[0].iov_len = sizeof(struct fuse_out_header); - - return fuse_send_msg(se, NULL, iov, count); -} - -int fuse_lowlevel_notify_poll(struct fuse_pollhandle *ph) -{ - if (ph != NULL) { - struct fuse_notify_poll_wakeup_out outarg = { - .kh = ph->kh, - }; - struct iovec iov[2]; - - iov[1].iov_base = &outarg; - iov[1].iov_len = sizeof(outarg); - - return send_notify_iov(ph->se, FUSE_NOTIFY_POLL, iov, 2); - } else { - return 0; - } -} - -int fuse_lowlevel_notify_inval_inode(struct fuse_session *se, fuse_ino_t ino, - off_t off, off_t len) -{ - struct fuse_notify_inval_inode_out outarg = { - .ino = ino, - .off = off, - .len = len, - }; - struct iovec iov[2]; - - if (!se) { - return -EINVAL; - } - - iov[1].iov_base = &outarg; - iov[1].iov_len = sizeof(outarg); - - return send_notify_iov(se, FUSE_NOTIFY_INVAL_INODE, iov, 2); -} - -int fuse_lowlevel_notify_inval_entry(struct fuse_session *se, fuse_ino_t parent, - const char *name, size_t namelen) -{ - struct fuse_notify_inval_entry_out outarg = { - .parent = parent, - .namelen = namelen, - }; - struct iovec iov[3]; - - if (!se) { - return -EINVAL; - } - - iov[1].iov_base = &outarg; - iov[1].iov_len = sizeof(outarg); - iov[2].iov_base = (void *)name; - iov[2].iov_len = namelen + 1; - - return send_notify_iov(se, FUSE_NOTIFY_INVAL_ENTRY, iov, 3); -} - -int fuse_lowlevel_notify_delete(struct fuse_session *se, fuse_ino_t parent, - fuse_ino_t child, const char *name, - size_t namelen) -{ - struct fuse_notify_delete_out outarg = { - .parent = parent, - .child = child, - .namelen = namelen, - }; - struct iovec iov[3]; - - if (!se) { - return -EINVAL; - } - - iov[1].iov_base = &outarg; - iov[1].iov_len = sizeof(outarg); - iov[2].iov_base = (void *)name; - iov[2].iov_len = namelen + 1; - - return send_notify_iov(se, FUSE_NOTIFY_DELETE, iov, 3); -} - int fuse_lowlevel_notify_store(struct fuse_session *se, fuse_ino_t ino, off_t offset, struct fuse_bufvec *bufv) { -- 2.11.4.GIT