Received: by 2002:a05:6358:701b:b0:131:369:b2a3 with SMTP id 27csp4370192rwo; Tue, 25 Jul 2023 05:16:03 -0700 (PDT) X-Google-Smtp-Source: APBJJlFmy+fLNt4uhjquOHVLB3HQk1cppZ50uIRt2/Uq5z4MLylUo5mLZNo9+IcZD85PPQBslZgE X-Received: by 2002:a17:907:7850:b0:96f:d780:5734 with SMTP id lb16-20020a170907785000b0096fd7805734mr12397967ejc.65.1690287362962; Tue, 25 Jul 2023 05:16:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690287362; cv=none; d=google.com; s=arc-20160816; b=olmeWZ4murzVvDVRyzaqnynN6Uo78b9K09wXNDgdD0gPXxX+g7nc7mtvTSTohVkjWN XGjqOvLRNYfRc0ni85ePTMmOlWrUp+BXCLG1iVSZGlCaCKSaD23lw0NTsi8PWM9aOYEQ TK1aktPYadr9uebEHwbtg4J5LRTTuVwLCFHCpOl5bKhr7WldgwJ0cwhjErdib7rnJ9Rn QqeP30knG41osfgHhPJoXB0doR34j+Rw0RD84hsacz96kueXli9TnpiyastOsyQibXbo pn8R8+3UE8NQ9uFyGLXJ5ZVckiSB9JpRGuT5J2iwnekaw7JIRyS9pLqVujxbEVOKHjDq g7Aw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature:dkim-filter; bh=ruOum+VRqfbaR9QtP8uXcTltKn49w9a/H02a8B9VQzg=; fh=N4kg5tjWiEeUVBrdIk0AKTOWxSYz2QXx/gSInfw2v2U=; b=gS2iBnhnAdgjok7Wzb5nRv65mPgZy6Vi0PxhSWTxMh+QfsAOkopR8yUc/o2bGX65tl G7mWBQ+NaScGB1cbeIO1NCGXEgnsqhme+WVjWh8pmdir5AfOe6qPrKn60e0ldHHFbF34 z/aJ461irxK2U1zw1SSKCVxPwPo+wyUQjpmmXklT80R+HjoHOhc98NCN646WcDMgnY26 iXkVelfq2cGjyBJPA6qau9lvUHuUb4CnDRvmhQi3aRMkqvngKeIce+C/fjgneU4CyR2e 14Krph2r8rF9AWgUUosu7TwKw9dfT5N4oDgBf5GQ2GTmbus9N506X/IQ/VpGi4fm5d8G 4FrA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ispras.ru header.s=default header.b=U14zvJHO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r3-20020a17090638c300b0099a1fb56239si8223901ejd.476.2023.07.25.05.15.32; Tue, 25 Jul 2023 05:16:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ispras.ru header.s=default header.b=U14zvJHO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232984AbjGYL7z (ORCPT + 99 others); Tue, 25 Jul 2023 07:59:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38352 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232741AbjGYL7v (ORCPT ); Tue, 25 Jul 2023 07:59:51 -0400 Received: from mail.ispras.ru (mail.ispras.ru [83.149.199.84]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73626E7B; Tue, 25 Jul 2023 04:59:50 -0700 (PDT) Received: from localhost.ispras.ru (unknown [10.10.165.8]) by mail.ispras.ru (Postfix) with ESMTPSA id DD2BF40B27AF; Tue, 25 Jul 2023 11:59:48 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru DD2BF40B27AF DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ispras.ru; s=default; t=1690286389; bh=ruOum+VRqfbaR9QtP8uXcTltKn49w9a/H02a8B9VQzg=; h=From:To:Cc:Subject:Date:From; b=U14zvJHO6elOcBhBxtyQLd1QBk1gUozOihac+FTAT3r1lArX+5hJ0oCmPR0EE+HvB w86HcqhIZ/lnVz+ZYkdK0VP5RVIICr2/VL+R/z5vT1bf1aAhzG1dq7KfyMKcm83ovL +31KGUXWyIQIoysaXqa3MVMB0VsoCiVV4JC6Oqn8= From: Fedor Pchelkin To: Trond Myklebust Cc: Fedor Pchelkin , Anna Schumaker , Olga Kornievskaia , Benjamin Coddington , linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org, Alexey Khoroshilov , lvc-project@linuxtesting.org Subject: [PATCH] NFSv4: fix out path in __nfs4_get_acl_uncached Date: Tue, 25 Jul 2023 14:59:30 +0300 Message-ID: <20230725115933.23784-1-pchelkin@ispras.ru> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Another highly rare error case when a page allocating loop (inside __nfs4_get_acl_uncached, this time) is not properly unwound on error. Since pages array is allocated being uninitialized, need to free only lower array indices. NULL checks were useful before commit 62a1573fcf84 ("NFSv4 fix acl retrieval over krb5i/krb5p mounts") when the array had been initialized to zero on stack. Found by Linux Verification Center (linuxtesting.org). Fixes: 62a1573fcf84 ("NFSv4 fix acl retrieval over krb5i/krb5p mounts") Signed-off-by: Fedor Pchelkin --- fs/nfs/nfs4proc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index e1a886b58354..08e8381a5e46 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -6004,9 +6004,8 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, out_ok: ret = res.acl_len; out_free: - for (i = 0; i < npages; i++) - if (pages[i]) - __free_page(pages[i]); + while (--i >= 0) + __free_page(pages[i]); if (res.acl_scratch) __free_page(res.acl_scratch); kfree(pages); -- 2.41.0