[thirdparty/kernel/stable-queue.git] / releases / 4.4.172 / sunrpc-handle-enomem-in-rpcb_getport_async.patch

From 81c88b18de1f11f70c97f28ced8d642c00bb3955 Mon Sep 17 00:00:00 2001
From: "J. Bruce Fields" <bfields@redhat.com>
Date: Thu, 20 Dec 2018 10:35:11 -0500
Subject: sunrpc: handle ENOMEM in rpcb_getport_async

From: J. Bruce Fields <bfields@redhat.com>

commit 81c88b18de1f11f70c97f28ced8d642c00bb3955 upstream.

If we ignore the error we'll hit a null dereference a little later.

Reported-by: syzbot+4b98281f2401ab849f4b@syzkaller.appspotmail.com
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/sunrpc/rpcb_clnt.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/net/sunrpc/rpcb_clnt.c
+++ b/net/sunrpc/rpcb_clnt.c
@@ -772,6 +772,12 @@ void rpcb_getport_async(struct rpc_task
 	case RPCBVERS_3:
 		map->r_netid = xprt->address_strings[RPC_DISPLAY_NETID];
 		map->r_addr = rpc_sockaddr2uaddr(sap, GFP_ATOMIC);
+		if (!map->r_addr) {
+			status = -ENOMEM;
+			dprintk("RPC: %5u %s: no memory available\n",
+				task->tk_pid, __func__);
+			goto bailout_free_args;
+		}
 		map->r_owner = "";
 		break;
 	case RPCBVERS_2:
@@ -794,6 +800,8 @@ void rpcb_getport_async(struct rpc_task
 	rpc_put_task(child);
 	return;
 
+bailout_free_args:
+	kfree(map);
 bailout_release_client:
 	rpc_release_client(rpcb_clnt);
 bailout_nofree:
Commit	Line	Data
b11df3da GKH	1	From 81c88b18de1f11f70c97f28ced8d642c00bb3955 Mon Sep 17 00:00:00 2001
	2	From: "J. Bruce Fields" <bfields@redhat.com>
	3	Date: Thu, 20 Dec 2018 10:35:11 -0500
	4	Subject: sunrpc: handle ENOMEM in rpcb_getport_async
	5
	6	From: J. Bruce Fields <bfields@redhat.com>
	7
	8	commit 81c88b18de1f11f70c97f28ced8d642c00bb3955 upstream.
	9
	10	If we ignore the error we'll hit a null dereference a little later.
	11
	12	Reported-by: syzbot+4b98281f2401ab849f4b@syzkaller.appspotmail.com
	13	Signed-off-by: J. Bruce Fields <bfields@redhat.com>
	14	Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
	15	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	16
	17	---
	18	net/sunrpc/rpcb_clnt.c \| 8 ++++++++
	19	1 file changed, 8 insertions(+)
	20
	21	--- a/net/sunrpc/rpcb_clnt.c
	22	+++ b/net/sunrpc/rpcb_clnt.c
	23	@@ -772,6 +772,12 @@ void rpcb_getport_async(struct rpc_task
	24	case RPCBVERS_3:
	25	map->r_netid = xprt->address_strings[RPC_DISPLAY_NETID];
	26	map->r_addr = rpc_sockaddr2uaddr(sap, GFP_ATOMIC);
	27	+ if (!map->r_addr) {
	28	+ status = -ENOMEM;
	29	+ dprintk("RPC: %5u %s: no memory available\n",
	30	+ task->tk_pid, __func__);
	31	+ goto bailout_free_args;
	32	+ }
	33	map->r_owner = "";
	34	break;
	35	case RPCBVERS_2:
	36	@@ -794,6 +800,8 @@ void rpcb_getport_async(struct rpc_task
	37	rpc_put_task(child);
	38	return;
	39
	40	+bailout_free_args:
	41	+ kfree(map);
	42	bailout_release_client:
	43	rpc_release_client(rpcb_clnt);
	44	bailout_nofree: