Patch "NFSv4.2: fix error handling in nfs42_proc_getxattr" has been added to the 5.15-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    NFSv4.2: fix error handling in nfs42_proc_getxattr

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     nfsv4.2-fix-error-handling-in-nfs42_proc_getxattr.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 47e442ce1bebc7ec8ddf9679b0176e1d8c60cfd4
Author: Fedor Pchelkin <pchelkin@xxxxxxxxx>
Date:   Tue Jul 25 14:58:58 2023 +0300

    NFSv4.2: fix error handling in nfs42_proc_getxattr
    
    [ Upstream commit 4e3733fd2b0f677faae21cf838a43faf317986d3 ]
    
    There is a slight issue with error handling code inside
    nfs42_proc_getxattr(). If page allocating loop fails then we free the
    failing page array element which is NULL but __free_page() can't deal with
    NULL args.
    
    Found by Linux Verification Center (linuxtesting.org).
    
    Fixes: a1f26739ccdc ("NFSv4.2: improve page handling for GETXATTR")
    Signed-off-by: Fedor Pchelkin <pchelkin@xxxxxxxxx>
    Reviewed-by: Benjamin Coddington <bcodding@xxxxxxxxxx>
    Signed-off-by: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/nfs/nfs42proc.c b/fs/nfs/nfs42proc.c
index da94bf2afd070..bc07012741cb4 100644
--- a/fs/nfs/nfs42proc.c
+++ b/fs/nfs/nfs42proc.c
@@ -1339,7 +1339,6 @@ ssize_t nfs42_proc_getxattr(struct inode *inode, const char *name,
 	for (i = 0; i < np; i++) {
 		pages[i] = alloc_page(GFP_KERNEL);
 		if (!pages[i]) {
-			np = i + 1;
 			err = -ENOMEM;
 			goto out;
 		}
@@ -1363,8 +1362,8 @@ ssize_t nfs42_proc_getxattr(struct inode *inode, const char *name,
 	} while (exception.retry);
 
 out:
-	while (--np >= 0)
-		__free_page(pages[np]);
+	while (--i >= 0)
+		__free_page(pages[i]);
 	kfree(pages);
 
 	return err;



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux