| From d201d7631ca170b038e7f8921120d05eec70d7c5 Mon Sep 17 00:00:00 2001 |
| From: Ronnie Sahlberg <lsahlber@redhat.com> |
| Date: Wed, 19 May 2021 08:40:11 +1000 |
| Subject: cifs: fix memory leak in smb2_copychunk_range |
| |
| From: Ronnie Sahlberg <lsahlber@redhat.com> |
| |
| commit d201d7631ca170b038e7f8921120d05eec70d7c5 upstream. |
| |
| When using smb2_copychunk_range() for large ranges we will |
| run through several iterations of a loop calling SMB2_ioctl() |
| but never actually free the returned buffer except for the final |
| iteration. |
| This leads to memory leaks everytime a large copychunk is requested. |
| |
| Fixes: 9bf0c9cd4314 ("CIFS: Fix SMB2/SMB3 Copy offload support (refcopy) for large files") |
| Cc: <stable@vger.kernel.org> |
| Reviewed-by: Aurelien Aptel <aaptel@suse.com> |
| Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> |
| Signed-off-by: Steve French <stfrench@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| fs/cifs/smb2ops.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/fs/cifs/smb2ops.c |
| +++ b/fs/cifs/smb2ops.c |
| @@ -629,6 +629,8 @@ smb2_clone_range(const unsigned int xid, |
| cpu_to_le32(min_t(u32, len, tcon->max_bytes_chunk)); |
| |
| /* Request server copy to target from src identified by key */ |
| + kfree(retbuf); |
| + retbuf = NULL; |
| rc = SMB2_ioctl(xid, tcon, trgtfile->fid.persistent_fid, |
| trgtfile->fid.volatile_fid, FSCTL_SRV_COPYCHUNK_WRITE, |
| true /* is_fsctl */, (char *)pcchunk, |