[ adding Cc: linux-nfs@xxxxxxxxxxxxxxx ]
> On Apr 23, 2021, at 5:42 AM, wangyunjian <wangyunjian@xxxxxxxxxx> wrote:
>
> From: Yunjian Wang <wangyunjian@xxxxxxxxxx>
>
> When alloc_pages_node() returns null in svc_rqst_alloc(), the
> null rq_scratch_page pointer will be dereferenced when calling
> put_page() in svc_rqst_free(). Fix it by adding a null check.
>
> Addresses-Coverity: ("Dereference after null check")
> Fixes: 5191955d6fc6 ("SUNRPC: Prepare for xdr_stream-style decoding on the server-side")
> Signed-off-by: Yunjian Wang <wangyunjian@xxxxxxxxxx>
Thanks for the fix. I've pushed it to the for-next branch at
git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git
> ---
> net/sunrpc/svc.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
> index d76dc9d95d16..0de918cb3d90 100644
> --- a/net/sunrpc/svc.c
> +++ b/net/sunrpc/svc.c
> @@ -846,7 +846,8 @@ void
> svc_rqst_free(struct svc_rqst *rqstp)
> {
> svc_release_buffer(rqstp);
> - put_page(rqstp->rq_scratch_page);
> + if (rqstp->rq_scratch_page)
> + put_page(rqstp->rq_scratch_page);
> kfree(rqstp->rq_resp);
> kfree(rqstp->rq_argp);
> kfree(rqstp->rq_auth_data);
> --
> 2.23.0
>
--
Chuck Lever
