1

3 cifs/smb3 fixes (also for stable)

-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmNd32gACgkQiiy9cAdy
 T1E/FQwAqaALaUBM+PHcqHnOKhflYf7+DjkClKcbKSuQ6kN9R5ajHk6pi7EEcexx
 eDNvNszxNm+eEGmSRMoH10cQ3U0C68Dtip1vEyBmywCRBk7QWKAvGDF2JzzS92Cv
 rz4IrZfBGDS5kxeKHAHMaGBy4xnU+4yeVFkcgESltv+g3+C2wLmwL72oeI/ttkIg
 +Tmr2EQLKG/FIxobLZePc90fWUg6vvUM3u0HwK0bzW2ZtkrxTa8/RU2ziNCbOOQN
 VVUEq9FlEVf+71TLa+N4fJStBWQWqldX197Fk15C4on7zcT05wVITXro2CYAPvhV
 ZwROwggSu0jCPiohVkrg4lQjVAFXejE/GNv8c1casliWbxaixpfLC2czONU0PItj
 lTpntaX+fxUIblhMgCsJNxpgYpgeyTS1XyC9kqmt2tsOAgkrgUx7wKtreI+M18yC
 GXPbXkczAEq73pkfkvBRd1UcWuoUPi2ex6UG6oQQO6DnFQwIBYNlMGGIHwEG3VoI
 kvdtwhi8
 =/RPn
 -----END PGP SIGNATURE-----

Merge tag '6.1-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:

 - use after free fix for reconnect race

 - two memory leak fixes

* tag '6.1-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: fix use-after-free caused by invalid pointer `hostname`
  cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter()
  cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc()
This commit is contained in:
Linus Torvalds 2022-10-30 09:40:04 -07:00
commit 28b7bd4ad2
2 changed files with 11 additions and 3 deletions

View File

@ -1584,6 +1584,7 @@ cifs_put_tcp_session(struct TCP_Server_Info *server, int from_reconnect)
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
server->hostname = NULL;
task = xchg(&server->tsk, NULL);
if (task)

View File

@ -2434,12 +2434,16 @@ cifs_writev_complete(struct work_struct *work)
struct cifs_writedata *
cifs_writedata_alloc(unsigned int nr_pages, work_func_t complete)
{
struct cifs_writedata *writedata = NULL;
struct page **pages =
kcalloc(nr_pages, sizeof(struct page *), GFP_NOFS);
if (pages)
return cifs_writedata_direct_alloc(pages, complete);
if (pages) {
writedata = cifs_writedata_direct_alloc(pages, complete);
if (!writedata)
kvfree(pages);
}
return NULL;
return writedata;
}
struct cifs_writedata *
@ -3299,6 +3303,9 @@ cifs_write_from_iter(loff_t offset, size_t len, struct iov_iter *from,
cifs_uncached_writev_complete);
if (!wdata) {
rc = -ENOMEM;
for (i = 0; i < nr_pages; i++)
put_page(pagevec[i]);
kvfree(pagevec);
add_credits_and_wake_if(server, credits, 0);
break;
}