| Message ID | 1435919809-8348-1-git-send-email-fdmanana@kernel.org (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
Thanks for this Filipe, On Fri, Jul 03, 2015 at 11:36:49AM +0100, fdmanana@kernel.org wrote: > From: Filipe Manana <fdmanana@suse.com> > > We were allocating memory with memdup_user() but we were never releasing > that memory. This affected pretty much every call to the ioctl, whether > it deduplicated extents or not. > > This issue was reported on IRC by Julian Taylor and on the mailing list > by Marcel Ritter, credit goes to them for finding the issue. > > Reported-by: Julian Taylor <jtaylor.debian@googlemail.com> > Reported-by: Marcel Ritter <ritter.marcel@gmail.com> > Cc: stable@vger.kernel.org > Signed-off-by: Filipe Manana <fdmanana@suse.com> Reviewed-by: Mark Fasheh <mfasheh@suse.de> --Mark -- Mark Fasheh -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index c86b835..78e6a28 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2958,7 +2958,7 @@ out_unlock: static long btrfs_ioctl_file_extent_same(struct file *file, struct btrfs_ioctl_same_args __user *argp) { - struct btrfs_ioctl_same_args *same; + struct btrfs_ioctl_same_args *same = NULL; struct btrfs_ioctl_same_extent_info *info; struct inode *src = file_inode(file); u64 off; @@ -2988,6 +2988,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file, if (IS_ERR(same)) { ret = PTR_ERR(same); + same = NULL; goto out; } @@ -3058,6 +3059,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file, out: mnt_drop_write_file(file); + kfree(same); return ret; }