> On Dec 6, 2022, at 04:26, Denis Arefev <arefev@xxxxxxxxx> wrote:
>
> Return value of a function 'xdr_inline_decode' is dereferenced at
> nfs4xdr.c:5540 without checking for null,
> but it is usually checked for this function
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Denis Arefev <arefev@xxxxxxxxx>
> ---
> fs/nfs/nfs4xdr.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
> index c6dbfcae7517..571cc63ecb61 100644
> --- a/fs/nfs/nfs4xdr.c
> +++ b/fs/nfs/nfs4xdr.c
> @@ -5533,6 +5533,8 @@ static int decode_op_map(struct xdr_stream *xdr, struct nfs4_op_map *op_map)
> if (bitmap_words > NFS4_OP_MAP_NUM_WORDS)
> return -EIO;
> p = xdr_inline_decode(xdr, 4 * bitmap_words);
> + if (!p)
> + return -EIO;
> for (i = 0; i < bitmap_words; i++)
> op_map->u.words[i] = be32_to_cpup(p++);
>
> --
> 2.25.1
>

Again… What kernel is this for?

The current code was introduced in Linux 5.16, and looks like this:

static int decode_op_map(struct xdr_stream *xdr, struct nfs4_op_map *op_map)
{
	if (xdr_stream_decode_uint32_array(xdr, op_map->u.words,
					   ARRAY_SIZE(op_map->u.words)) < 0)
		return -EIO;
	return 0;
}

It does not have the problem you keep trying to report, and your patch doesn't apply.

_________________________________
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@xxxxxxxxxxxxxxx
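Review bot: the hunk's context does not match mainline, so the patch needs a stated base tree before it can be evaluated. The lines around the added check (the `bitmap_words` loop reading `be32_to_cpup(p++)`) were replaced in Linux 5.16 by the `xdr_stream_decode_uint32_array()` form quoted in the reply, which bounds-checks internally, so there is nothing to apply against current mainline. If the report is about an older stable series, say so in the subject or commit message, add a `Fixes:` tag naming the commit that introduced the unchecked `xdr_inline_decode()` call, and route it to stable; the `if (!p) return -EIO;` itself is the right shape for that older code, matching the `return -EIO` two lines above it. The commit message also has a typo ("ut it is usually checked").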
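To make the two messages concrete, here is an added user-space model (not kernel code, and not from either author) of the pre-5.16 decode_op_map() with the proposed NULL check applied, run over constructed XDR payloads. `xdr_inline_decode`, `be32_to_cpup`, the struct layouts and `NFS4_OP_MAP_NUM_WORDS = 4` are stand-ins that keep the kernel functions' contracts, not their implementations.

```c
#include <stddef.h>
#include <stdint.h>
#define EIO 5
#define NFS4_OP_MAP_NUM_WORDS 4 /* assumed; the kernel derives it from LAST_NFS4_OP */
/* Stand-ins for the kernel types: a byte buffer with a cursor, and the op map. */
struct xdr_stream { const uint8_t *p; const uint8_t *end; };
struct nfs4_op_map { uint32_t words[NFS4_OP_MAP_NUM_WORDS]; };

/* Same contract as the kernel's xdr_inline_decode(): reserve nbytes and return
 * a pointer to them, or NULL when the stream is too short. */
static const uint8_t *xdr_inline_decode(struct xdr_stream *xdr, size_t nbytes)
{
    const uint8_t *q = xdr->p;
    if ((size_t)(xdr->end - q) < nbytes) return NULL;
    xdr->p += nbytes;
    return q;
}
/* Big-endian 32-bit read of one XDR word, like be32_to_cpup(). */
static uint32_t be32_to_cpup(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Model of the pre-5.16 decode_op_map() with the patch's NULL check applied:
 * a word count followed by that many bitmap words. */
static int decode_op_map(struct xdr_stream *xdr, struct nfs4_op_map *op_map)
{
    const uint8_t *p = xdr_inline_decode(xdr, 4);
    if (!p) return -EIO;
    uint32_t bitmap_words = be32_to_cpup(p);
    if (bitmap_words > NFS4_OP_MAP_NUM_WORDS) return -EIO;
    p = xdr_inline_decode(xdr, 4 * bitmap_words);
    if (!p) /* the check the patch adds: a truncated reply must not be dereferenced */
        return -EIO;
    for (uint32_t i = 0; i < bitmap_words; i++)
        op_map->words[i] = be32_to_cpup(p + 4 * i);
    return 0;
}
/* Decode a constructed buffer into `decoded`; returns 0 or -EIO. */
static struct nfs4_op_map decoded;
static int decode_status(const uint8_t *buf, size_t len)
{
    struct xdr_stream xdr = { buf, buf + len };
    decoded = (struct nfs4_op_map){ {0} };
    return decode_op_map(&xdr, &decoded);
}
/* Constructed payloads: well-formed, truncated after one of two words, oversized count. */
static const uint8_t good[]      = { 0,0,0,2,  0,0,0,1,  0x80,0,0,0 };
static const uint8_t truncated[] = { 0,0,0,2,  0,0,0,1 };
static const uint8_t oversized[] = { 0,0,0,9 };
```

The truncated payload is the case the patch is about: without the second `if (!p)` the loop would read past the end of the buffer instead of failing with -EIO.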