Commit b446fb35 authored Apr 01, 2024 by Trond Myklebust Committed by ZhaoLong Wang Apr 01, 2024

NFS: Fix an Oopsable condition in __nfs_pageio_add_request()

mainline inclusion
from mainline-v5.13-rc4
commit 56517ab9
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BHTI
CVE: CVE-2021-47167

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56517ab958b7c11030e626250c00b9b1a24b41eb



--------------------------------

Ensure that nfs_pageio_error_cleanup() resets the mirror array contents,
so that the structure reflects the fact that it is now empty.
Also change the test in nfs_pageio_do_add_request() to be more robust by
checking whether or not the list is empty rather than relying on the
value of pg_count.

Fixes: a7d42ddb ("nfs: add mirroring support to pgio layer")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Conflicts:
    fs/nfs/pagelist.c
Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com>

parent 6726609c

fs/nfs/pagelist.c

+6 −4

Original line number	Diff line number	Diff line
		@@ -964,15 +964,17 @@ static int nfs_pageio_do_add_request(struct nfs_pageio_descriptor *desc,

		struct nfs_page *prev = NULL;

		if (mirror->pg_count != 0) {
		prev = nfs_list_entry(mirror->pg_list.prev);
		} else {
		if (list_empty(&mirror->pg_list)) {
		if (desc->pg_ops->pg_init)
		desc->pg_ops->pg_init(desc, req);
		if (desc->pg_error < 0)
		return 0;
		mirror->pg_base = req->wb_pgbase;
		}
		mirror->pg_count = 0;
		mirror->pg_recoalesce = 0;
		} else
		prev = nfs_list_entry(mirror->pg_list.prev);

		if (!nfs_can_coalesce_requests(prev, req, desc))
		return 0;
		nfs_list_move_request(req, &mirror->pg_list);