From patchwork Wed Sep 19 12:03:26 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pavel Shilovsky <piastry@etersoft.ru>
X-Patchwork-Id: 1477151
Return-Path: <linux-cifs-owner@vger.kernel.org>
X-Original-To: patchwork-cifs-client@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork2.kernel.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by patchwork2.kernel.org (Postfix) with ESMTP id 7C22EDF280
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Wed, 19 Sep 2012 12:03:42 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751862Ab2ISMDm (ORCPT
	<rfc822;patchwork-cifs-client@patchwork.kernel.org>);
	Wed, 19 Sep 2012 08:03:42 -0400
Received: from mail-lb0-f174.google.com ([209.85.217.174]:41680 "EHLO
	mail-lb0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751827Ab2ISMDl (ORCPT
	<rfc822; linux-cifs@vger.kernel.org>); Wed, 19 Sep 2012 08:03:41 -0400
Received: by lbbgj3 with SMTP id gj3so778765lbb.19
	for <linux-cifs@vger.kernel.org>;
	Wed, 19 Sep 2012 05:03:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=sender:from:to:subject:date:message-id:x-mailer;
	bh=VXQEkPgK9+RbT5TTyDjKkfZQpH9Cbj22U2acrV933OQ=;
	b=yqfAGrHMwRFIBNAUT43U7LMBRUeIiD8VSu9lJt1+fF6W51ZuopIsIuc/TaV1l6qqpk
	VztL2hMhdeiPDDVYtf6uPrFX+Gj7GqE4M+wSNp4H0J2EvQKnbNaa4QGnj6Cikh3yMeYO
	bfQzC1bfDge8Alt/1hnI+w4RLWSEVBaaNY9R9GrVN/LZm+QKOywJy7Dn6Ai8bEb/5WyU
	80IHZ3CwyC/Mx0dbQZQp3s9p665gbCvMlwTWakFxO+JePAdK8zfTa/zF9Z4ngamR65Nx
	lz5ROR5/VfTi7FY8IF1++trPZ5aBgOXM5vC4aJBDip0UldJFA1QAXUYpZp1nvum5+uKi
	9xgw==
Received: by 10.152.110.9 with SMTP id hw9mr2440239lab.55.1348056219543;
	Wed, 19 Sep 2012 05:03:39 -0700 (PDT)
Received: from localhost.localdomain ([178.45.135.74])
	by mx.google.com with ESMTPS id u5sm747104lbg.8.2012.09.19.05.03.37
	(version=TLSv1/SSLv3 cipher=OTHER);
	Wed, 19 Sep 2012 05:03:38 -0700 (PDT)
From: Pavel Shilovsky <piastry@etersoft.ru>
To: linux-cifs@vger.kernel.org
Subject: [PATCH] CIFS: Fix possible memory leaks in SMB2 code
Date: Wed, 19 Sep 2012 16:03:26 +0400
Message-Id: <1348056206-14288-1-git-send-email-piastry@etersoft.ru>
X-Mailer: git-send-email 1.7.5.4
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org

and add missed increments of failed async read and write requests.

Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
---
 fs/cifs/smb2pdu.c |   23 ++++++++++++++---------
 1 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 1572abe..a7db95f 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1218,13 +1218,13 @@ query_info(const unsigned int xid, struct cifs_tcon *tcon,
 	iov[0].iov_len = get_rfc1002_length(req) + 4;
 
 	rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0);
+	rsp = (struct smb2_query_info_rsp *)iov[0].iov_base;
+
 	if (rc) {
 		cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
 		goto qinf_exit;
 	}
 
-	rsp = (struct smb2_query_info_rsp *)iov[0].iov_base;
-
 	rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset),
 				   le32_to_cpu(rsp->OutputBufferLength),
 				   &rsp->hdr, min_len, data);
@@ -1485,8 +1485,10 @@ smb2_async_readv(struct cifs_readdata *rdata)
 	rc = cifs_call_async(io_parms.tcon->ses->server, &rqst,
 			     cifs_readv_receive, smb2_readv_callback,
 			     rdata, 0);
-	if (rc)
+	if (rc) {
 		kref_put(&rdata->refcount, cifs_readdata_release);
+		cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE);
+	}
 
 	cifs_small_buf_release(buf);
 	return rc;
@@ -1643,8 +1645,10 @@ smb2_async_writev(struct cifs_writedata *wdata)
 	rc = cifs_call_async(tcon->ses->server, &rqst, NULL,
 				smb2_writev_callback, wdata, 0);
 
-	if (rc)
+	if (rc) {
 		kref_put(&wdata->refcount, cifs_writedata_release);
+		cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
+	}
 
 async_writev_out:
 	cifs_small_buf_release(req);
@@ -1700,15 +1704,15 @@ SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms,
 
 	rc = SendReceive2(xid, io_parms->tcon->ses, iov, n_vec + 1,
 			  &resp_buftype, 0);
+	rsp = (struct smb2_write_rsp *)iov[0].iov_base;
 
 	if (rc) {
 		cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE);
 		cERROR(1, "Send error in write = %d", rc);
-	} else {
-		rsp = (struct smb2_write_rsp *)iov[0].iov_base;
+	} else
 		*nbytes = le32_to_cpu(rsp->DataLength);
-		free_rsp_buf(resp_buftype, rsp);
-	}
+
+	free_rsp_buf(resp_buftype, rsp);
 	return rc;
 }
 
@@ -1828,11 +1832,12 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
 	inc_rfc1001_len(req, len - 1 /* Buffer */);
 
 	rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0);
+	rsp = (struct smb2_query_directory_rsp *)iov[0].iov_base;
+
 	if (rc) {
 		cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);
 		goto qdir_exit;
 	}
-	rsp = (struct smb2_query_directory_rsp *)iov[0].iov_base;
 
 	rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),
 			  le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,