Received: by 10.192.165.148 with SMTP id m20csp4485570imm; Tue, 8 May 2018 09:10:08 -0700 (PDT) X-Google-Smtp-Source: AB8JxZoZolV3KwX44ch/pE9VV6EsOidw5zZ2HgpvNNsbdXT6gxpyGgmQkBjkVc7CiZIi/495kd9l X-Received: by 2002:a65:6414:: with SMTP id a20-v6mr2445630pgv.226.1525795808472; Tue, 08 May 2018 09:10:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525795808; cv=none; d=google.com; s=arc-20160816; b=Hk8BJRdD6QSYRKidnmqQTUC7pKvoWecHdADBFCccv7Vh1CQSX5XcspyarMYa4oQFM+ LrFd5HS2YkL+JdbOs+QxUFtI6WXIv5/eerVw24Vv2rTW3CuO5sDkgjKgZH7OVk5LN8dQ WGX95lc1+JwZNWc5s9rtB/p3kfD+frgp/X6dDRAZtBILdhq/CIprL2wlL03Bu5htGH4z QZkBkqVrngx7l9a6DDpQrluJu2Cm5tZsC0DWKOvMwxNb3SD0kfP66Ws9J6rnJZJ7soL/ 1yhas/iPfh+umKINStiULKz1p0q766S8/CN1JVFuiokveWia+CRhUi+6gMZ5uPYh2/m6 mvQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=eEuD+N77TiE3v6og99GPAch7DHqDXtoiiobu7pKTzwY=; b=xwJEZKWQEeJLnYjXQEO10kWPxvPyJpi/rsE1wQmnH2TdimaN3D1A9WJ3e163KEEGzb kl+mqRn/HZ0q40K5xmpshJ6tXF2HOVI2Rtbt5Od9wNK8drjdGnyIT7VSSvUX/DlOOxhs pqSFqLOH6GCi5NazTHLepXl99ftZx9WHmyoHYTXJsUDEGJ8fpKjSv44P4RXlpzltaB9S ASGQTFcjElaGd+xHBgfNqMmtHhjKgsPlq/R1LOV7U7h+E47TXm2VTF3V8USZgLYKTTRE BPJv7ZxXEO5ZQNhYgEOfSyzfnv2T73ZCLigelMS0Or1D6H02NCXPtudNrIo6D1Pc63+Q 65dw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 63-v6si25269844plf.524.2018.05.08.09.09.54; Tue, 08 May 2018 09:10:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932430AbeEHQJY (ORCPT + 99 others); Tue, 8 May 2018 12:09:24 -0400 Received: from fieldses.org ([173.255.197.46]:50786 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932339AbeEHQJW (ORCPT ); Tue, 8 May 2018 12:09:22 -0400 Received: by fieldses.org (Postfix, from userid 2815) id 5DA4BAAA; Tue, 8 May 2018 12:09:22 -0400 (EDT) Date: Tue, 8 May 2018 12:09:22 -0400 From: "bfields@fieldses.org" To: Trond Myklebust Cc: "syzbot+4b98281f2401ab849f4b@syzkaller.appspotmail.com" , "syzkaller-bugs@googlegroups.com" , "anna.schumaker@netapp.com" , "davem@davemloft.net" , "linux-kernel@vger.kernel.org" , "linux-nfs@vger.kernel.org" , "jlayton@kernel.org" , "netdev@vger.kernel.org" Subject: [PATCH 1/2] sunrpc: handle ENOMEM in rpcb_getport_async Message-ID: <20180508160922.GB6151@fieldses.org> References: <20180417213308.GC18217@fieldses.org> <1524002074.63751.5.camel@hammer.space> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1524002074.63751.5.camel@hammer.space> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: "J. Bruce Fields" If we ignore the error we'll hit a null dereference a little later. Reported-by: syzbot+4b98281f2401ab849f4b@syzkaller.appspotmail.com Signed-off-by: J. Bruce Fields --- net/sunrpc/rpcb_clnt.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c index c526f8fb37c9..82c120e51d64 100644 --- a/net/sunrpc/rpcb_clnt.c +++ b/net/sunrpc/rpcb_clnt.c @@ -771,6 +771,12 @@ void rpcb_getport_async(struct rpc_task *task) case RPCBVERS_3: map->r_netid = xprt->address_strings[RPC_DISPLAY_NETID]; map->r_addr = rpc_sockaddr2uaddr(sap, GFP_ATOMIC); + if (!map->r_addr) { + status = -ENOMEM; + dprintk("RPC: %5u %s: no memory available\n", + task->tk_pid, __func__); + goto bailout_free_args; + } map->r_owner = ""; break; case RPCBVERS_2: @@ -793,6 +799,8 @@ void rpcb_getport_async(struct rpc_task *task) rpc_put_task(child); return; +bailout_free_args: + kfree(map); bailout_release_client: rpc_release_client(rpcb_clnt); bailout_nofree: -- 2.17.0