From: sunliming <sunliming@kylinos.cn>
In the ovl_destroy_inode function, a variable reference oi->lowerdata_redirect
that might be NULL is directly freed. Add a non-null check, and only free
the space when it is not NULL.
Signed-off-by: sunliming <sunliming@kylinos.cn>
---
fs/overlayfs/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 60f0b7ceef0a..4b8b5fd4ab59 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -218,7 +218,7 @@ static void ovl_destroy_inode(struct inode *inode)
ovl_stack_put(ovl_lowerstack(oi->oe), ovl_numlower(oi->oe));
if (S_ISDIR(inode->i_mode))
ovl_dir_cache_free(inode);
- else
+ else if (oi->lowerdata_redirect)
kfree(oi->lowerdata_redirect);
}
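Review bot: The NULL test added on the `else if (oi->lowerdata_redirect)` line is redundant: kfree(NULL) is a defined no-op, so the plain `else` branch was already safe when the field is NULL. The test also cannot protect against `oi` itself being NULL, because the unchanged context line `ovl_stack_put(ovl_lowerstack(oi->oe), ovl_numlower(oi->oe));` dereferences `oi` before this branch is reached. Suggest dropping the change; if there is a real path where `oi` is invalid in ovl_destroy_inode(), the changelog should name it and the check would have to sit ahead of the first `oi->` access.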
--
2.25.1
On Tue, Apr 21, 2026 at 05:23:49PM +0800, sunliming@linux.dev wrote:
> From: sunliming <sunliming@kylinos.cn>
>
> In the ovl_destroy_inode function, a variable reference oi->lowerdata_redirect
> that might be NULL is directly freed. Add a non-null check, and only free
> the space when it is not NULL.

Which NULL pointer dereferencing is that change supposed to prevent?
If oi is NULL, your condition would have the exact same NULL pointer dereference
(as would several places in earlier lines, while we are at it).

And kfree(NULL) is NOT dereferencing anything; it's explicitly defined as
an empty operation, same as for userland free(NULL) and for the same reason.
On Tue, Apr 21, 2026 at 11:24 AM <sunliming@linux.dev> wrote:
>
> From: sunliming <sunliming@kylinos.cn>
>
> In the ovl_destroy_inode function, a variable reference oi->lowerdata_redirect
> that might be NULL is directly freed. Add a non-null check, and only free
> the space when it is not NULL.

Sunliming,

This is nonsense.
kfree() is not a dereference and kfree(NULL) is allowed.

Please be more considerate of my time and the time of other
volunteer maintainers and do not post patches that you do not
understand yourself.

Thanks,
Amir.

>
> Signed-off-by: sunliming <sunliming@kylinos.cn>
> ---
> fs/overlayfs/super.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c > index 60f0b7ceef0a..4b8b5fd4ab59 100644 > --- a/fs/overlayfs/super.c > +++ b/fs/overlayfs/super.c > @@ -218,7 +218,7 @@ static void ovl_destroy_inode(struct inode *inode) > ovl_stack_put(ovl_lowerstack(oi->oe), ovl_numlower(oi->oe)); > if (S_ISDIR(inode->i_mode)) > ovl_dir_cache_free(inode); > - else > + else if (oi->lowerdata_redirect) > kfree(oi->lowerdata_redirect); > } > > -- > 2.25.1 >
On April 21, 2026 at 17:45, "Amir Goldstein" <amir73il@gmail.com> wrote:
>
> On Tue, Apr 21, 2026 at 11:24 AM <sunliming@linux.dev> wrote:
> >
> > From: sunliming <sunliming@kylinos.cn>
> >
> > In the ovl_destroy_inode function, a variable reference oi->lowerdata_redirect
> > that might be NULL is directly freed. Add a non-null check, and only free
> > the space when it is not NULL.
>
> Sunliming,
>
> This is nonsense.
> kfree() is not a dereference and kfree(NULL) is allowed.
>
> Please be more considerate of my time and the time of other
> volunteer maintainers and do not post patches that you do not
> understand yourself.
>
> Thanks,
> Amir.
>

I understand, I apologize for this patch, thank you.

> >
> > Signed-off-by: sunliming <sunliming@kylinos.cn>
> > ---
> > fs/overlayfs/super.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c > > index 60f0b7ceef0a..4b8b5fd4ab59 100644 > > --- a/fs/overlayfs/super.c > > +++ b/fs/overlayfs/super.c > > @@ -218,7 +218,7 @@ static void ovl_destroy_inode(struct inode *inode) > > ovl_stack_put(ovl_lowerstack(oi->oe), ovl_numlower(oi->oe)); > > if (S_ISDIR(inode->i_mode)) > > ovl_dir_cache_free(inode); > > - else > > + else if (oi->lowerdata_redirect) > > kfree(oi->lowerdata_redirect); > > } > > > > -- > > 2.25.1 > > >