From: Roberto Bergantinos Corpas <rbergant@redhat.com>
Date: Tue, 28 May 2019 07:38:14 +0000 (+0200)
Subject: CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
X-Git-Tag: v5.1.8~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3f15a84f20672155dd9b8ce6e958868dbc1adc2;p=thirdparty%2Fkernel%2Fstable.git

CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM

commit 31fad7d41e73731f05b8053d17078638cf850fa6 upstream.

 In cifs_read_allocate_pages, in case of ENOMEM, we go through
whole rdata->pages array but we have failed the allocation before
nr_pages, therefore we may end up calling put_page with NULL
pointer, causing oops

Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Acked-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 7037a137fa533..9a1db37b303af 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -3221,7 +3221,9 @@ cifs_read_allocate_pages(struct cifs_readdata *rdata, unsigned int nr_pages)
 	}
 
 	if (rc) {
-		for (i = 0; i < nr_pages; i++) {
+		unsigned int nr_page_failed = i;
+
+		for (i = 0; i < nr_page_failed; i++) {
 			put_page(rdata->pages[i]);
 			rdata->pages[i] = NULL;
 		}