projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cb57908)
SUNRPC: Fix null pointer dereference in svc_rqst_free()
authorYunjian Wang <wangyunjian@huawei.com>
Fri, 23 Apr 2021 09:42:58 +0000 (17:42 +0800)
committerChuck Lever <chuck.lever@oracle.com>
Fri, 23 Apr 2021 14:43:05 +0000 (10:43 -0400)
When alloc_pages_node() returns null in svc_rqst_alloc(), the
null rq_scratch_page pointer will be dereferenced when calling
put_page() in svc_rqst_free(). Fix it by adding a null check.

Addresses-Coverity: ("Dereference after null check")
Fixes: 5191955d6fc6 ("SUNRPC: Prepare for xdr_stream-style decoding on the server-side")
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
net/sunrpc/svc.c patch | blob | history

diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index d76dc9d95d1639a989a6011cd235c8b82b3fa469..0de918cb3d90da4842fdb0facc54ac2f8b0ddc5a 100644 (file)
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -846,7 +846,8 @@ void
 svc_rqst_free(struct svc_rqst *rqstp)
 {
        svc_release_buffer(rqstp);
-       put_page(rqstp->rq_scratch_page);
+       if (rqstp->rq_scratch_page)
+               put_page(rqstp->rq_scratch_page);
        kfree(rqstp->rq_resp);
        kfree(rqstp->rq_argp);
        kfree(rqstp->rq_auth_data);
ep93xx device tree rework repo: git://git.maquefel.me/linux.git