releases/3.18.129/sunrpc-fix-leak-of-krb5p-encode-pages.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 8dae5398ab1ac107b1517e8195ed043d5f422bd0 Mon Sep 17 00:00:00 2001
 From: Chuck Lever <chuck.lever@oracle.com>
 Date: Fri, 30 Nov 2018 15:39:57 -0500
 Subject: SUNRPC: Fix leak of krb5p encode pages

 From: Chuck Lever <chuck.lever@oracle.com>

 commit 8dae5398ab1ac107b1517e8195ed043d5f422bd0 upstream.

 call_encode can be invoked more than once per RPC call. Ensure that
 each call to gss_wrap_req_priv does not overwrite pointers to
 previously allocated memory.

 Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
 Cc: stable@kernel.org
 Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  net/sunrpc/auth_gss/auth_gss.c |    4 ++++
  1 file changed, 4 insertions(+)

 --- a/net/sunrpc/auth_gss/auth_gss.c
 +++ b/net/sunrpc/auth_gss/auth_gss.c
 @@ -1721,6 +1721,7 @@ priv_release_snd_buf(struct rpc_rqst *rq
  	for (i=0; i < rqstp->rq_enc_pages_num; i++)
  		__free_page(rqstp->rq_enc_pages[i]);
  	kfree(rqstp->rq_enc_pages);
 +	rqstp->rq_release_snd_buf = NULL;
  }

  static int
 @@ -1729,6 +1730,9 @@ alloc_enc_pages(struct rpc_rqst *rqstp)
  	struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
  	int first, last, i;

 +	if (rqstp->rq_release_snd_buf)
 +		rqstp->rq_release_snd_buf(rqstp);
 +
  	if (snd_buf->page_len == 0) {
  		rqstp->rq_enc_pages_num = 0;
  		return 0;
	From 8dae5398ab1ac107b1517e8195ed043d5f422bd0 Mon Sep 17 00:00:00 2001
	From: Chuck Lever <chuck.lever@oracle.com>
	Date: Fri, 30 Nov 2018 15:39:57 -0500
	Subject: SUNRPC: Fix leak of krb5p encode pages

	From: Chuck Lever <chuck.lever@oracle.com>

	commit 8dae5398ab1ac107b1517e8195ed043d5f422bd0 upstream.

	call_encode can be invoked more than once per RPC call. Ensure that
	each call to gss_wrap_req_priv does not overwrite pointers to
	previously allocated memory.

	Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
	Cc: stable@kernel.org
	Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	net/sunrpc/auth_gss/auth_gss.c \| 4 ++++
	1 file changed, 4 insertions(+)

	--- a/net/sunrpc/auth_gss/auth_gss.c
	+++ b/net/sunrpc/auth_gss/auth_gss.c
	@@ -1721,6 +1721,7 @@ priv_release_snd_buf(struct rpc_rqst *rq
	for (i=0; i < rqstp->rq_enc_pages_num; i++)
	__free_page(rqstp->rq_enc_pages[i]);
	kfree(rqstp->rq_enc_pages);
	+ rqstp->rq_release_snd_buf = NULL;
	}

	static int
	@@ -1729,6 +1730,9 @@ alloc_enc_pages(struct rpc_rqst *rqstp)
	struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
	int first, last, i;

	+ if (rqstp->rq_release_snd_buf)
	+ rqstp->rq_release_snd_buf(rqstp);
	+
	if (snd_buf->page_len == 0) {
	rqstp->rq_enc_pages_num = 0;
	return 0;