OrgACRN
/
acrn-kernel
mirror of https://github.com/projectacrn/acrn-kernel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

NFSv4: fix out path in __nfs4_get_acl_uncached 

Another highly rare error case when a page allocating loop (inside
__nfs4_get_acl_uncached, this time) is not properly unwound on error.
Since pages array is allocated being uninitialized, need to free only
lower array indices. NULL checks were useful before commit 62a1573fcf
("NFSv4 fix acl retrieval over krb5i/krb5p mounts") when the array had
been initialized to zero on stack.

Found by Linux Verification Center (linuxtesting.org).

Fixes: 62a1573fcf ("NFSv4 fix acl retrieval over krb5i/krb5p mounts")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
This commit is contained in:
Fedor Pchelkin 2023-07-25 14:59:30 +03:00 committed by Trond Myklebust
parent 4e3733fd2b
commit f4e89f1a6d
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
fs/nfs/nfs4proc.c
View File

@ -6004,9 +6004,8 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf,
out_ok: out_ok:
ret = res.acl_len; ret = res.acl_len;
out_free: out_free:
for (i = 0; i < npages; i++) while (--i >= 0)
if (pages[i]) __free_page(pages[i]);
__free_page(pages[i]);
if (res.acl_scratch) if (res.acl_scratch)
__free_page(res.acl_scratch); __free_page(res.acl_scratch);
kfree(pages); kfree(pages);