Commit 4e3733fd authored Jul 25, 2023 by Fedor Pchelkin Committed by Trond Myklebust Aug 19, 2023

NFSv4.2: fix error handling in nfs42_proc_getxattr



There is a slight issue with error handling code inside
nfs42_proc_getxattr(). If page allocating loop fails then we free the
failing page array element which is NULL but __free_page() can't deal with
NULL args.

Found by Linux Verification Center (linuxtesting.org).

Fixes: a1f26739 ("NFSv4.2: improve page handling for GETXATTR")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

parent c3dd7de2

fs/nfs/nfs42proc.c

+2 −3

Original line number	Diff line number	Diff line
		@@ -1377,7 +1377,6 @@ ssize_t nfs42_proc_getxattr(struct inode inode, const char name,
		for (i = 0; i < np; i++) {
		pages[i] = alloc_page(GFP_KERNEL);
		if (!pages[i]) {
		np = i + 1;
		err = -ENOMEM;
		goto out;
		}
		@@ -1401,8 +1400,8 @@ ssize_t nfs42_proc_getxattr(struct inode inode, const char name,
		} while (exception.retry);

		out:
		while (--np >= 0)
		__free_page(pages[np]);
		while (--i >= 0)
		__free_page(pages[i]);
		kfree(pages);

		return err;