Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp377667pxj; Tue, 18 May 2021 05:33:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxsv8hyAPcw7dqgohDSMqbU7axPb9mYB6KnGoCOeDy+xWD8Msmz06B5KsFc5qV6mbkPfE2D X-Received: by 2002:a05:6402:752:: with SMTP id p18mr6832026edy.127.1621341233057; Tue, 18 May 2021 05:33:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621341233; cv=none; d=google.com; s=arc-20160816; b=BIVe9C8dE5BJXmZ3Nr+dtoZtMG15nEicA8Yzsu1N9a15yYRecLvpgPwjmHjJ7Vp7ma npri8dAmzDUxz1E2SJaeCtzDFf2L71pNXt6oqB5F/wK4Kv7OreQ35I52/lVUmzLolhUs fJn9xmx523SLnryd88M7bI8Qs9FwAGb3SxfzoZHBlq5hE9ruyErkkI0M50e25lCjL2Hx 3WKDCR4OIAGhJIQtERZl6kE852IXZ1PB+dv33C0P8Y8BbZERq59KgUMPLVEwFGYJJqqn skapoqdNaxwOUjmytuW+OczCODduLpm5e9KwqEnq8MvK5PAbP6bCfDiwt4n+24IAEaTv ZCVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6XPkPLLc1FgmAPJbpnSia8uXvAlkk0r36xRlTok8FBE=; b=k0ueUrAu5IWIpVmF/Kzt0jjHnqOeHxJe8dUs1lW6L8eN+FaVXvgTU+XPQYvWgwBdAO 7Ojj5rxuxSsO9XUjwj3sny1pFMbcLBFlx3AOSJ1CwOZi12fapgSfVbfctQlYT80ecDUM CL1UxmAxmu0s7wd842Vr7fU++fkon39d3uOPykDQyaSnoTuJolvayDUzL5Kdq2ljz2YS cuXAtXtpoVMs1SOJ94acHM+5iHgjopRSFD/SgXglci3TbE34qKVmiKPrtM1Lli3eK17T 03DKqTTSwumCVpY09OqdD7Mnxvoy8GndVGrvZ3W3hWBgfw9McXHrdSGkdsUKBcjehu0z E8Pg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=p1mLUHBn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id zb3si17443915ejb.65.2021.05.18.05.33.26; Tue, 18 May 2021 05:33:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=p1mLUHBn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343523AbhEQPaw (ORCPT + 99 others); Mon, 17 May 2021 11:30:52 -0400 Received: from mail.kernel.org ([198.145.29.99]:54748 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242692AbhEQPQM (ORCPT ); Mon, 17 May 2021 11:16:12 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 1995861C5B; Mon, 17 May 2021 14:32:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1621261962; bh=VSWwm3qHb2ni9JKb0Wjc4srAAOWNFy3yN5/uvmUwoCw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=p1mLUHBngSqEtTyN66IYXuoV4qiLi3QYRYx7Jii7elxO+ySMIJSSYkvtNpbSy0Z1E howUCyqQOWG5sb8EjNzGsfVaD0yOVkv3ZDZyg+T/n3grjWfPu+TYVfO7aqtJMrVGQN WTLB0Ud6itMREjhqMDbRQWWHpnT/gmCQfLc1+vDM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Yunjian Wang , Chuck Lever , Sasha Levin Subject: [PATCH 5.11 166/329] SUNRPC: Fix null pointer dereference in svc_rqst_free() Date: Mon, 17 May 2021 16:01:17 +0200 Message-Id: <20210517140307.753790459@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210517140302.043055203@linuxfoundation.org> References: <20210517140302.043055203@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Yunjian Wang [ Upstream commit b9f83ffaa0c096b4c832a43964fe6bff3acffe10 ] When alloc_pages_node() returns null in svc_rqst_alloc(), the null rq_scratch_page pointer will be dereferenced when calling put_page() in svc_rqst_free(). Fix it by adding a null check. Addresses-Coverity: ("Dereference after null check") Fixes: 5191955d6fc6 ("SUNRPC: Prepare for xdr_stream-style decoding on the server-side") Signed-off-by: Yunjian Wang Signed-off-by: Chuck Lever Signed-off-by: Sasha Levin --- net/sunrpc/svc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index 7034b4755fa1..16b6681a97ab 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -846,7 +846,8 @@ void svc_rqst_free(struct svc_rqst *rqstp) { svc_release_buffer(rqstp); - put_page(rqstp->rq_scratch_page); + if (rqstp->rq_scratch_page) + put_page(rqstp->rq_scratch_page); kfree(rqstp->rq_resp); kfree(rqstp->rq_argp); kfree(rqstp->rq_auth_data); -- 2.30.2