virtiofsd: Remove useless code about send_notify_iov

The 'ch' will be NULL in the following call stack:
send_notify_iov()->fuse_send_msg()->virtio_send_msg(), and
this may lead to a NULL pointer dereference in virtio_send_msg().
But send_notify_iov() was never called, so remove the unused code
around send_notify_iov() to fix this problem.

Signed-off-by: Alex Chen <alex.chen@huawei.com>
Message-Id: <20201214121615.29967-1-alex.chen@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Alex Chen 2020-12-14 12:16:15 +00:00 committed by Dr. David Alan Gilbert
parent d6211148f6
commit 03350a1e8d


@ -2143,104 +2143,6 @@ static void do_destroy(fuse_req_t req, fuse_ino_t nodeid,
send_reply_ok(req, NULL, 0);
}
static int send_notify_iov(struct fuse_session *se, int notify_code,
struct iovec *iov, int count)
{
struct fuse_out_header out = {
.error = notify_code,
};
if (!se->got_init) {
return -ENOTCONN;
}
iov[0].iov_base = &out;
iov[0].iov_len = sizeof(struct fuse_out_header);
return fuse_send_msg(se, NULL, iov, count);
}
int fuse_lowlevel_notify_poll(struct fuse_pollhandle *ph)
{
if (ph != NULL) {
struct fuse_notify_poll_wakeup_out outarg = {
.kh = ph->kh,
};
struct iovec iov[2];
iov[1].iov_base = &outarg;
iov[1].iov_len = sizeof(outarg);
return send_notify_iov(ph->se, FUSE_NOTIFY_POLL, iov, 2);
} else {
return 0;
}
}
int fuse_lowlevel_notify_inval_inode(struct fuse_session *se, fuse_ino_t ino,
off_t off, off_t len)
{
struct fuse_notify_inval_inode_out outarg = {
.ino = ino,
.off = off,
.len = len,
};
struct iovec iov[2];
if (!se) {
return -EINVAL;
}
iov[1].iov_base = &outarg;
iov[1].iov_len = sizeof(outarg);
return send_notify_iov(se, FUSE_NOTIFY_INVAL_INODE, iov, 2);
}
int fuse_lowlevel_notify_inval_entry(struct fuse_session *se, fuse_ino_t parent,
const char *name, size_t namelen)
{
struct fuse_notify_inval_entry_out outarg = {
.parent = parent,
.namelen = namelen,
};
struct iovec iov[3];
if (!se) {
return -EINVAL;
}
iov[1].iov_base = &outarg;
iov[1].iov_len = sizeof(outarg);
iov[2].iov_base = (void *)name;
iov[2].iov_len = namelen + 1;
return send_notify_iov(se, FUSE_NOTIFY_INVAL_ENTRY, iov, 3);
}
int fuse_lowlevel_notify_delete(struct fuse_session *se, fuse_ino_t parent,
fuse_ino_t child, const char *name,
size_t namelen)
{
struct fuse_notify_delete_out outarg = {
.parent = parent,
.child = child,
.namelen = namelen,
};
struct iovec iov[3];
if (!se) {
return -EINVAL;
}
iov[1].iov_base = &outarg;
iov[1].iov_len = sizeof(outarg);
iov[2].iov_base = (void *)name;
iov[2].iov_len = namelen + 1;
return send_notify_iov(se, FUSE_NOTIFY_DELETE, iov, 3);
}
int fuse_lowlevel_notify_store(struct fuse_session *se, fuse_ino_t ino,
off_t offset, struct fuse_bufvec *bufv)
{