ksmbd: fix possible refcount leak in smb2_open()

Message ID	20230302135804.2583061-1-chenxiaosong2@huawei.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-cifs-owner@vger.kernel.org> From: ChenXiaoSong <chenxiaosong2@huawei.com> To: <linkinjeon@kernel.org>, <sfrench@samba.org>, <senozhatsky@chromium.org>, <lsahlber@redhat.com>, <hyc.lee@gmail.com> CC: <linux-cifs@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <chenxiaosong2@huawei.com>, <yi.zhang@huawei.com>, <zhangxiaoxu5@huawei.com>, <yanaijie@huawei.com> Subject: [PATCH] ksmbd: fix possible refcount leak in smb2_open() Date: Thu, 2 Mar 2023 21:58:04 +0800 Message-ID: <20230302135804.2583061-1-chenxiaosong2@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII Precedence: bulk
Series	ksmbd: fix possible refcount leak in smb2_open() \| expand ksmbd: fix possible refcount leak in smb2_open()

Message ID

20230302135804.2583061-1-chenxiaosong2@huawei.com (mailing list archive)

State

New, archived

Headers

From: ChenXiaoSong <chenxiaosong2@huawei.com>
To: <linkinjeon@kernel.org>, <sfrench@samba.org>,
        <senozhatsky@chromium.org>, <lsahlber@redhat.com>,
        <hyc.lee@gmail.com>
CC: <linux-cifs@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
        <chenxiaosong2@huawei.com>, <yi.zhang@huawei.com>,
        <zhangxiaoxu5@huawei.com>, <yanaijie@huawei.com>
Subject: [PATCH] ksmbd: fix possible refcount leak in smb2_open()
Date: Thu, 2 Mar 2023 21:58:04 +0800
Message-ID: <20230302135804.2583061-1-chenxiaosong2@huawei.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
Precedence: bulk

Series

ksmbd: fix possible refcount leak in smb2_open() | expand

Commit Message

ChenXiaoSong March 2, 2023, 1:58 p.m. UTC

Reference count of acls will leak when memory allocation fails. Fix this
by adding the missing posix_acl_release().

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
---
 fs/ksmbd/smb2pdu.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

ChenXiaoSong March 7, 2023, 8:52 a.m. UTC | #1

Hi Namjae and Steve:

Do you have any suggestions for this patch?

在 2023/3/2 21:58, ChenXiaoSong 写道:
> Reference count of acls will leak when memory allocation fails. Fix this
> by adding the missing posix_acl_release().
> 
> Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
> Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
> ---
>   fs/ksmbd/smb2pdu.c | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
> index 0685c1c77b9f..f04d810a2588 100644
> --- a/fs/ksmbd/smb2pdu.c
> +++ b/fs/ksmbd/smb2pdu.c
> @@ -2977,8 +2977,11 @@ int smb2_open(struct ksmbd_work *work)
>   							sizeof(struct smb_acl) +
>   							sizeof(struct smb_ace) * ace_num * 2,
>   							GFP_KERNEL);
> -					if (!pntsd)
> +					if (!pntsd) {
> +						posix_acl_release(fattr.cf_acls);
> +						posix_acl_release(fattr.cf_dacls);
>   						goto err_out;
> +					}
>   
>   					rc = build_sec_desc(idmap,
>   							    pntsd, NULL, 0,
>

Namjae Jeon March 7, 2023, 9:23 a.m. UTC | #2

2023-03-02 22:58 GMT+09:00, ChenXiaoSong <chenxiaosong2@huawei.com>:
> Reference count of acls will leak when memory allocation fails. Fix this
> by adding the missing posix_acl_release().
>
> Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
> Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>

Thanks for your patch!

Namjae Jeon March 7, 2023, 9:27 a.m. UTC | #3

2023-03-07 17:52 GMT+09:00, ChenXiaoSong <chenxiaosong2@huawei.com>:
> Hi Namjae and Steve:
Hi Chen,
>
> Do you have any suggestions for this patch?
Sorry, It was in the spam box...
I have sent ack. Thanks for noticing.
>
> 在 2023/3/2 21:58, ChenXiaoSong 写道:
>> Reference count of acls will leak when memory allocation fails. Fix this
>> by adding the missing posix_acl_release().
>>
>> Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
>> Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
>> ---
>>   fs/ksmbd/smb2pdu.c | 5 ++++-
>>   1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
>> index 0685c1c77b9f..f04d810a2588 100644
>> --- a/fs/ksmbd/smb2pdu.c
>> +++ b/fs/ksmbd/smb2pdu.c
>> @@ -2977,8 +2977,11 @@ int smb2_open(struct ksmbd_work *work)
>>   							sizeof(struct smb_acl) +
>>   							sizeof(struct smb_ace) * ace_num * 2,
>>   							GFP_KERNEL);
>> -					if (!pntsd)
>> +					if (!pntsd) {
>> +						posix_acl_release(fattr.cf_acls);
>> +						posix_acl_release(fattr.cf_dacls);
>>   						goto err_out;
>> +					}
>>
>>   					rc = build_sec_desc(idmap,
>>   							    pntsd, NULL, 0,
>>
>

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 0685c1c77b9f..f04d810a2588 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -2977,8 +2977,11 @@  int smb2_open(struct ksmbd_work *work)
 							sizeof(struct smb_acl) +
 							sizeof(struct smb_ace) * ace_num * 2,
 							GFP_KERNEL);
-					if (!pntsd)
+					if (!pntsd) {
+						posix_acl_release(fattr.cf_acls);
+						posix_acl_release(fattr.cf_dacls);
 						goto err_out;
+					}
 
 					rc = build_sec_desc(idmap,
 							    pntsd, NULL, 0,

ksmbd: fix possible refcount leak in smb2_open()

Commit Message

Comments

Patch