releases/4.9.270/cifs-fix-memory-leak-in-smb2_copychunk_range.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From d201d7631ca170b038e7f8921120d05eec70d7c5 Mon Sep 17 00:00:00 2001
 From: Ronnie Sahlberg <lsahlber@redhat.com>
 Date: Wed, 19 May 2021 08:40:11 +1000
 Subject: cifs: fix memory leak in smb2_copychunk_range

 From: Ronnie Sahlberg <lsahlber@redhat.com>

 commit d201d7631ca170b038e7f8921120d05eec70d7c5 upstream.

 When using smb2_copychunk_range() for large ranges we will
 run through several iterations of a loop calling SMB2_ioctl()
 but never actually free the returned buffer except for the final
 iteration.
 This leads to memory leaks everytime a large copychunk is requested.

 Fixes: 9bf0c9cd4314 ("CIFS: Fix SMB2/SMB3 Copy offload support (refcopy) for large files")
 Cc: <stable@vger.kernel.org>
 Reviewed-by: Aurelien Aptel <aaptel@suse.com>
 Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
 Signed-off-by: Steve French <stfrench@microsoft.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  fs/cifs/smb2ops.c |    2 ++
  1 file changed, 2 insertions(+)

 --- a/fs/cifs/smb2ops.c
 +++ b/fs/cifs/smb2ops.c
 @@ -629,6 +629,8 @@ smb2_clone_range(const unsigned int xid,
  			cpu_to_le32(min_t(u32, len, tcon->max_bytes_chunk));

  		/* Request server copy to target from src identified by key */
 +		kfree(retbuf);
 +		retbuf = NULL;
  		rc = SMB2_ioctl(xid, tcon, trgtfile->fid.persistent_fid,
  			trgtfile->fid.volatile_fid, FSCTL_SRV_COPYCHUNK_WRITE,
  			true /* is_fsctl */, (char *)pcchunk,
	From d201d7631ca170b038e7f8921120d05eec70d7c5 Mon Sep 17 00:00:00 2001
	From: Ronnie Sahlberg <lsahlber@redhat.com>
	Date: Wed, 19 May 2021 08:40:11 +1000
	Subject: cifs: fix memory leak in smb2_copychunk_range

	From: Ronnie Sahlberg <lsahlber@redhat.com>

	commit d201d7631ca170b038e7f8921120d05eec70d7c5 upstream.

	When using smb2_copychunk_range() for large ranges we will
	run through several iterations of a loop calling SMB2_ioctl()
	but never actually free the returned buffer except for the final
	iteration.
	This leads to memory leaks everytime a large copychunk is requested.

	Fixes: 9bf0c9cd4314 ("CIFS: Fix SMB2/SMB3 Copy offload support (refcopy) for large files")
	Cc: <stable@vger.kernel.org>
	Reviewed-by: Aurelien Aptel <aaptel@suse.com>
	Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
	Signed-off-by: Steve French <stfrench@microsoft.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	fs/cifs/smb2ops.c \| 2 ++
	1 file changed, 2 insertions(+)

	--- a/fs/cifs/smb2ops.c
	+++ b/fs/cifs/smb2ops.c
	@@ -629,6 +629,8 @@ smb2_clone_range(const unsigned int xid,
	cpu_to_le32(min_t(u32, len, tcon->max_bytes_chunk));

	/* Request server copy to target from src identified by key */
	+ kfree(retbuf);
	+ retbuf = NULL;
	rc = SMB2_ioctl(xid, tcon, trgtfile->fid.persistent_fid,
	trgtfile->fid.volatile_fid, FSCTL_SRV_COPYCHUNK_WRITE,
	true /* is_fsctl /, (char )pcchunk,