3.16.75-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Roberto Bergantinos Corpas rbergant@redhat.com
commit 31fad7d41e73731f05b8053d17078638cf850fa6 upstream.
In cifs_read_allocate_pages, in case of ENOMEM, we go through whole rdata->pages array but we have failed the allocation before nr_pages, therefore we may end up calling put_page with NULL pointer, causing oops
Signed-off-by: Roberto Bergantinos Corpas rbergant@redhat.com Acked-by: Pavel Shilovsky pshilov@microsoft.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Ben Hutchings ben@decadent.org.uk --- fs/cifs/file.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -2744,7 +2744,9 @@ cifs_read_allocate_pages(struct cifs_rea }
if (rc) { - for (i = 0; i < nr_pages; i++) { + unsigned int nr_page_failed = i; + + for (i = 0; i < nr_page_failed; i++) { put_page(rdata->pages[i]); rdata->pages[i] = NULL; }