[PATCH 4.17 35/70] smb3: fix various xid leaks

From: Greg Kroah-Hartman
Date: Sun Jun 24 2018 - 11:43:31 EST


4.17-stable review patch. If anyone has any objections, please let me know.

------------------

From: Steve French <stfrench@xxxxxxxxxxxxx>

commit cfe89091644c441a1ade6dae6d2e47b715648615 upstream.

Fix a few cases where we were not freeing the xid which led to
active requests being non-zero at unmount time.

Signed-off-by: Steve French <smfrench@xxxxxxxxx>
CC: Stable <stable@xxxxxxxxxxxxxxx>
Reviewed-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
fs/cifs/smb2ops.c | 63 +++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 44 insertions(+), 19 deletions(-)

--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -1593,8 +1593,11 @@ get_smb2_acl_by_path(struct cifs_sb_info
oparms.create_options = 0;

utf16_path = cifs_convert_path_to_utf16(path, cifs_sb);
- if (!utf16_path)
- return ERR_PTR(-ENOMEM);
+ if (!utf16_path) {
+ rc = -ENOMEM;
+ free_xid(xid);
+ return ERR_PTR(rc);
+ }

oparms.tcon = tcon;
oparms.desired_access = READ_CONTROL;
@@ -1652,8 +1655,11 @@ set_smb2_acl(struct cifs_ntsd *pnntsd, _
access_flags = WRITE_DAC;

utf16_path = cifs_convert_path_to_utf16(path, cifs_sb);
- if (!utf16_path)
- return -ENOMEM;
+ if (!utf16_path) {
+ rc = -ENOMEM;
+ free_xid(xid);
+ return rc;
+ }

oparms.tcon = tcon;
oparms.desired_access = access_flags;
@@ -1713,15 +1719,21 @@ static long smb3_zero_range(struct file

/* if file not oplocked can't be sure whether asking to extend size */
if (!CIFS_CACHE_READ(cifsi))
- if (keep_size == false)
- return -EOPNOTSUPP;
+ if (keep_size == false) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }

/*
* Must check if file sparse since fallocate -z (zero range) assumes
* non-sparse allocation
*/
- if (!(cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE))
- return -EOPNOTSUPP;
+ if (!(cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE)) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }

/*
* need to make sure we are not asked to extend the file since the SMB3
@@ -1730,8 +1742,11 @@ static long smb3_zero_range(struct file
* which for a non sparse file would zero the newly extended range
*/
if (keep_size == false)
- if (i_size_read(inode) < offset + len)
- return -EOPNOTSUPP;
+ if (i_size_read(inode) < offset + len) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }

cifs_dbg(FYI, "offset %lld len %lld", offset, len);

@@ -1764,8 +1779,11 @@ static long smb3_punch_hole(struct file

/* Need to make file sparse, if not already, before freeing range. */
/* Consider adding equivalent for compressed since it could also work */
- if (!smb2_set_sparse(xid, tcon, cfile, inode, set_sparse))
- return -EOPNOTSUPP;
+ if (!smb2_set_sparse(xid, tcon, cfile, inode, set_sparse)) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }

cifs_dbg(FYI, "offset %lld len %lld", offset, len);

@@ -1796,8 +1814,10 @@ static long smb3_simple_falloc(struct fi

/* if file not oplocked can't be sure whether asking to extend size */
if (!CIFS_CACHE_READ(cifsi))
- if (keep_size == false)
- return -EOPNOTSUPP;
+ if (keep_size == false) {
+ free_xid(xid);
+ return rc;
+ }

/*
* Files are non-sparse by default so falloc may be a no-op
@@ -1806,14 +1826,16 @@ static long smb3_simple_falloc(struct fi
*/
if ((cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE) == 0) {
if (keep_size == true)
- return 0;
+ rc = 0;
/* check if extending file */
else if (i_size_read(inode) >= off + len)
/* not extending file and already not sparse */
- return 0;
+ rc = 0;
/* BB: in future add else clause to extend file */
else
- return -EOPNOTSUPP;
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
}

if ((keep_size == true) || (i_size_read(inode) >= off + len)) {
@@ -1825,8 +1847,11 @@ static long smb3_simple_falloc(struct fi
* ie potentially making a few extra pages at the beginning
* or end of the file non-sparse via set_sparse is harmless.
*/
- if ((off > 8192) || (off + len + 8192 < i_size_read(inode)))
- return -EOPNOTSUPP;
+ if ((off > 8192) || (off + len + 8192 < i_size_read(inode))) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }

rc = smb2_set_sparse(xid, tcon, cfile, inode, false);
}