SUNRPC: Fix gss_free_in_token_pages()
[ Upstream commit bafa6b4d95d97877baa61883ff90f7e374427fae ] Dan Carpenter says: > Commit5866efa8cb
("SUNRPC: Fix svcauth_gss_proxy_init()") from Oct > 24, 2019 (linux-next), leads to the following Smatch static checker > warning: > > net/sunrpc/auth_gss/svcauth_gss.c:1039 gss_free_in_token_pages() > warn: iterator 'i' not incremented > > net/sunrpc/auth_gss/svcauth_gss.c > 1034 static void gss_free_in_token_pages(struct gssp_in_token *in_token) > 1035 { > 1036 u32 inlen; > 1037 int i; > 1038 > --> 1039 i = 0; > 1040 inlen = in_token->page_len; > 1041 while (inlen) { > 1042 if (in_token->pages[i]) > 1043 put_page(in_token->pages[i]); > ^ > This puts page zero over and over. > > 1044 inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen; > 1045 } > 1046 > 1047 kfree(in_token->pages); > 1048 in_token->pages = NULL; > 1049 } Based on the way that the ->pages[] array is constructed in gss_read_proxy_verf(), we know that once the loop encounters a NULL page pointer, the remaining array elements must also be NULL. Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Suggested-by: Trond Myklebust <trondmy@hammerspace.com> Fixes:5866efa8cb
("SUNRPC: Fix svcauth_gss_proxy_init()") Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Родитель
3ae762f26b
Коммит
fe0b474974
|
@ -1132,17 +1132,11 @@ gss_read_verf(struct rpc_gss_wire_cred *gc,
|
|||
|
||||
static void gss_free_in_token_pages(struct gssp_in_token *in_token)
|
||||
{
|
||||
u32 inlen;
|
||||
int i;
|
||||
|
||||
i = 0;
|
||||
inlen = in_token->page_len;
|
||||
while (inlen) {
|
||||
if (in_token->pages[i])
|
||||
put_page(in_token->pages[i]);
|
||||
inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen;
|
||||
}
|
||||
|
||||
while (in_token->pages[i])
|
||||
put_page(in_token->pages[i++]);
|
||||
kfree(in_token->pages);
|
||||
in_token->pages = NULL;
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче