cifs: fix reference leak for tlink

Commit Message

Ronnie Sahlberg July 9, 2020, 10:39 a.m. UTC

Don't leak a reference to tlink during the NOTIFY ioctl

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
---
 fs/cifs/ioctl.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Comments

Aurélien Aptel July 9, 2020, 11:22 a.m. UTC | #1

Reviewed-by: Aurelien Aptel <aaptel@suse.com>

Steve French July 9, 2020, 3:05 p.m. UTC | #2

merged into cifs-2.6.git for-next

On Thu, Jul 9, 2020 at 6:22 AM Aurélien Aptel <aaptel@suse.com> wrote:
>
>
> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
>
> --
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
> SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
> GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

Steve French July 9, 2020, 4:28 p.m. UTC | #3

http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com/#/builders/2/builds/367
running regression tests with this and the other 3 patches

On Thu, Jul 9, 2020 at 5:41 AM Ronnie Sahlberg <lsahlber@redhat.com> wrote:
>
> Don't leak a reference to tlink during the NOTIFY ioctl
>
> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
> ---
>  fs/cifs/ioctl.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/fs/cifs/ioctl.c b/fs/cifs/ioctl.c
> index 4a73e63c4d43..dcde44ff6cf9 100644
> --- a/fs/cifs/ioctl.c
> +++ b/fs/cifs/ioctl.c
> @@ -169,6 +169,7 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg)
>         unsigned int xid;
>         struct cifsFileInfo *pSMBFile = filep->private_data;
>         struct cifs_tcon *tcon;
> +       struct tcon_link *tlink;
>         struct cifs_sb_info *cifs_sb;
>         __u64   ExtAttrBits = 0;
>         __u64   caps;
> @@ -307,13 +308,19 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg)
>                                 break;
>                         }
>                         cifs_sb = CIFS_SB(inode->i_sb);
> -                       tcon = tlink_tcon(cifs_sb_tlink(cifs_sb));
> +                       tlink = cifs_sb_tlink(cifs_sb);
> +                       if (IS_ERR(tlink)) {
> +                               rc = PTR_ERR(tlink);
> +                               break;
> +                       }
> +                       tcon = tlink_tcon(tlink);
>                         if (tcon && tcon->ses->server->ops->notify) {
>                                 rc = tcon->ses->server->ops->notify(xid,
>                                                 filep, (void __user *)arg);
>                                 cifs_dbg(FYI, "ioctl notify rc %d\n", rc);
>                         } else
>                                 rc = -EOPNOTSUPP;
> +                       cifs_put_tlink(tlink);
>                         break;
>                 default:
>                         cifs_dbg(FYI, "unsupported ioctl\n");
> --
> 2.13.6
>

Patch

diff --git a/fs/cifs/ioctl.c b/fs/cifs/ioctl.c
index 4a73e63c4d43..dcde44ff6cf9 100644
--- a/fs/cifs/ioctl.c
+++ b/fs/cifs/ioctl.c
@@ -169,6 +169,7 @@  long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg)
 	unsigned int xid;
 	struct cifsFileInfo *pSMBFile = filep->private_data;
 	struct cifs_tcon *tcon;
+	struct tcon_link *tlink;
 	struct cifs_sb_info *cifs_sb;
 	__u64	ExtAttrBits = 0;
 	__u64   caps;
@@ -307,13 +308,19 @@  long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg)
 				break;
 			}
 			cifs_sb = CIFS_SB(inode->i_sb);
-			tcon = tlink_tcon(cifs_sb_tlink(cifs_sb));
+			tlink = cifs_sb_tlink(cifs_sb);
+			if (IS_ERR(tlink)) {
+				rc = PTR_ERR(tlink);
+				break;
+			}
+			tcon = tlink_tcon(tlink);
 			if (tcon && tcon->ses->server->ops->notify) {
 				rc = tcon->ses->server->ops->notify(xid,
 						filep, (void __user *)arg);
 				cifs_dbg(FYI, "ioctl notify rc %d\n", rc);
 			} else
 				rc = -EOPNOTSUPP;
+			cifs_put_tlink(tlink);
 			break;
 		default:
 			cifs_dbg(FYI, "unsupported ioctl\n");