| Message ID | 1619170978-15192-1-git-send-email-wangyunjian@huawei.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net] SUNRPC: Fix null pointer dereference in svc_rqst_free() | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for net |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | warning | 3 maintainers not CCed: linux-nfs@vger.kernel.org anna.schumaker@netapp.com trond.myklebust@hammerspace.com |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 2 this patch: 2 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 9 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 2 this patch: 2 |
| netdev/header_inline | success | Link |
[ adding Cc: linux-nfs@vger.kernel.org ] > On Apr 23, 2021, at 5:42 AM, wangyunjian <wangyunjian@huawei.com> wrote: > > From: Yunjian Wang <wangyunjian@huawei.com> > > When alloc_pages_node() returns null in svc_rqst_alloc(), the > null rq_scratch_page pointer will be dereferenced when calling > put_page() in svc_rqst_free(). Fix it by adding a null check. > > Addresses-Coverity: ("Dereference after null check") > Fixes: 5191955d6fc6 ("SUNRPC: Prepare for xdr_stream-style decoding on the server-side") > Signed-off-by: Yunjian Wang <wangyunjian@huawei.com> Thanks for the fix. I've pushed it to the for-next branch at git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git > --- > net/sunrpc/svc.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c > index d76dc9d95d16..0de918cb3d90 100644 > --- a/net/sunrpc/svc.c > +++ b/net/sunrpc/svc.c > @@ -846,7 +846,8 @@ void > svc_rqst_free(struct svc_rqst *rqstp) > { > svc_release_buffer(rqstp); > - put_page(rqstp->rq_scratch_page); > + if (rqstp->rq_scratch_page) > + put_page(rqstp->rq_scratch_page); > kfree(rqstp->rq_resp); > kfree(rqstp->rq_argp); > kfree(rqstp->rq_auth_data); > -- > 2.23.0 > -- Chuck Lever
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index d76dc9d95d16..0de918cb3d90 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -846,7 +846,8 @@ void svc_rqst_free(struct svc_rqst *rqstp) { svc_release_buffer(rqstp); - put_page(rqstp->rq_scratch_page); + if (rqstp->rq_scratch_page) + put_page(rqstp->rq_scratch_page); kfree(rqstp->rq_resp); kfree(rqstp->rq_argp); kfree(rqstp->rq_auth_data);