| From 31fad7d41e73731f05b8053d17078638cf850fa6 Mon Sep 17 00:00:00 2001 |
| From: Roberto Bergantinos Corpas <rbergant@redhat.com> |
| Date: Tue, 28 May 2019 09:38:14 +0200 |
| Subject: CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM |
| |
| From: Roberto Bergantinos Corpas <rbergant@redhat.com> |
| |
| commit 31fad7d41e73731f05b8053d17078638cf850fa6 upstream. |
| |
| In cifs_read_allocate_pages, in case of ENOMEM, we go through |
| whole rdata->pages array but we have failed the allocation before |
| nr_pages, therefore we may end up calling put_page with NULL |
| pointer, causing oops |
| |
| Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com> |
| Acked-by: Pavel Shilovsky <pshilov@microsoft.com> |
| Signed-off-by: Steve French <stfrench@microsoft.com> |
| CC: Stable <stable@vger.kernel.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/cifs/file.c | 4 +++- |
| 1 file changed, 3 insertions(+), 1 deletion(-) |
| |
| --- a/fs/cifs/file.c |
| +++ b/fs/cifs/file.c |
| @@ -2988,7 +2988,9 @@ cifs_read_allocate_pages(struct cifs_rea |
| } |
| |
| if (rc) { |
| - for (i = 0; i < nr_pages; i++) { |
| + unsigned int nr_page_failed = i; |
| + |
| + for (i = 0; i < nr_page_failed; i++) { |
| put_page(rdata->pages[i]); |
| rdata->pages[i] = NULL; |
| } |
