From patchwork Tue Jul 25 11:59:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fedor Pchelkin X-Patchwork-Id: 13326368 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6539C001DE for ; Tue, 25 Jul 2023 11:59:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232814AbjGYL7y (ORCPT ); Tue, 25 Jul 2023 07:59:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38352 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232741AbjGYL7v (ORCPT ); Tue, 25 Jul 2023 07:59:51 -0400 Received: from mail.ispras.ru (mail.ispras.ru [83.149.199.84]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73626E7B; Tue, 25 Jul 2023 04:59:50 -0700 (PDT) Received: from localhost.ispras.ru (unknown [10.10.165.8]) by mail.ispras.ru (Postfix) with ESMTPSA id DD2BF40B27AF; Tue, 25 Jul 2023 11:59:48 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru DD2BF40B27AF DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ispras.ru; s=default; t=1690286389; bh=ruOum+VRqfbaR9QtP8uXcTltKn49w9a/H02a8B9VQzg=; h=From:To:Cc:Subject:Date:From; b=U14zvJHO6elOcBhBxtyQLd1QBk1gUozOihac+FTAT3r1lArX+5hJ0oCmPR0EE+HvB w86HcqhIZ/lnVz+ZYkdK0VP5RVIICr2/VL+R/z5vT1bf1aAhzG1dq7KfyMKcm83ovL +31KGUXWyIQIoysaXqa3MVMB0VsoCiVV4JC6Oqn8= From: Fedor Pchelkin To: Trond Myklebust Cc: Fedor Pchelkin , Anna Schumaker , Olga Kornievskaia , Benjamin Coddington , linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org, Alexey Khoroshilov , lvc-project@linuxtesting.org Subject: [PATCH] NFSv4: fix out path in __nfs4_get_acl_uncached Date: Tue, 25 Jul 2023 14:59:30 +0300 Message-ID: <20230725115933.23784-1-pchelkin@ispras.ru> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Another highly rare error case when a page allocating loop (inside __nfs4_get_acl_uncached, this time) is not properly unwound on error. Since pages array is allocated being uninitialized, need to free only lower array indices. NULL checks were useful before commit 62a1573fcf84 ("NFSv4 fix acl retrieval over krb5i/krb5p mounts") when the array had been initialized to zero on stack. Found by Linux Verification Center (linuxtesting.org). Fixes: 62a1573fcf84 ("NFSv4 fix acl retrieval over krb5i/krb5p mounts") Signed-off-by: Fedor Pchelkin Reviewed-by: Benjamin Coddington --- fs/nfs/nfs4proc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index e1a886b58354..08e8381a5e46 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -6004,9 +6004,8 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, out_ok: ret = res.acl_len; out_free: - for (i = 0; i < npages; i++) - if (pages[i]) - __free_page(pages[i]); + while (--i >= 0) + __free_page(pages[i]); if (res.acl_scratch) __free_page(res.acl_scratch); kfree(pages);