Commit f4e89f1a authored by Fedor Pchelkin's avatar Fedor Pchelkin Committed by Trond Myklebust

NFSv4: fix out path in __nfs4_get_acl_uncached

Another highly rare error case when a page allocating loop (inside
__nfs4_get_acl_uncached, this time) is not properly unwound on error.
Since pages array is allocated being uninitialized, need to free only
lower array indices. NULL checks were useful before commit 62a1573f
("NFSv4 fix acl retrieval over krb5i/krb5p mounts") when the array had
been initialized to zero on stack.

Found by Linux Verification Center (linuxtesting.org).

Fixes: 62a1573f ("NFSv4 fix acl retrieval over krb5i/krb5p mounts")
Signed-off-by: default avatarFedor Pchelkin <pchelkin@ispras.ru>
Reviewed-by: default avatarBenjamin Coddington <bcodding@redhat.com>
Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
parent 4e3733fd
...@@ -6004,9 +6004,8 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, ...@@ -6004,9 +6004,8 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf,
out_ok: out_ok:
ret = res.acl_len; ret = res.acl_len;
out_free: out_free:
for (i = 0; i < npages; i++) while (--i >= 0)
if (pages[i]) __free_page(pages[i]);
__free_page(pages[i]);
if (res.acl_scratch) if (res.acl_scratch)
__free_page(res.acl_scratch); __free_page(res.acl_scratch);
kfree(pages); kfree(pages);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment