From: cel@kernel.org
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Sasha Levin <sashal@kernel.org>
Cc: <linux-nfs@vger.kernel.org>, <stable@vger.kernel.org>,
Yunjian Wang <wangyunjian@huawei.com>
Subject: [PATCH 5.10 1/5] SUNRPC: Fix null pointer dereference in svc_rqst_free()
Date: Wed, 26 Jun 2024 14:27:41 -0400 [thread overview]
Message-ID: <20240626182745.288665-2-cel@kernel.org> (raw)
In-Reply-To: <20240626182745.288665-1-cel@kernel.org>
From: Yunjian Wang <wangyunjian@huawei.com>
[ Upstream commit b9f83ffaa0c096b4c832a43964fe6bff3acffe10 ]
When alloc_pages_node() returns null in svc_rqst_alloc(), the
null rq_scratch_page pointer will be dereferenced when calling
put_page() in svc_rqst_free(). Fix it by adding a null check.
Addresses-Coverity: ("Dereference after null check")
Fixes: 5191955d6fc6 ("SUNRPC: Prepare for xdr_stream-style decoding on the server-side")
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
net/sunrpc/svc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index 26d972c54a59..ac7b3a93d992 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -845,7 +845,8 @@ void
svc_rqst_free(struct svc_rqst *rqstp)
{
svc_release_buffer(rqstp);
- put_page(rqstp->rq_scratch_page);
+ if (rqstp->rq_scratch_page)
+ put_page(rqstp->rq_scratch_page);
kfree(rqstp->rq_resp);
kfree(rqstp->rq_argp);
kfree(rqstp->rq_auth_data);
--
2.45.1
next prev parent reply other threads:[~2024-06-26 18:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-26 18:27 [PATCH 5.10 0/5] Five missing NFSD fixes for v5.10.y cel
2024-06-26 18:27 ` cel [this message]
2024-06-26 18:27 ` [PATCH 5.10 2/5] SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() cel
2024-06-26 18:27 ` [PATCH 5.10 3/5] SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation cel
2024-06-26 18:27 ` [PATCH 5.10 4/5] SUNRPC: Fix svcxdr_init_encode's buflen calculation cel
2024-06-26 18:27 ` [PATCH 5.10 5/5] nfsd: hold a lighter-weight client reference over CB_RECALL_ANY cel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240626182745.288665-2-cel@kernel.org \
--to=cel@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-nfs@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=wangyunjian@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.