Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5243850imu; Tue, 15 Jan 2019 13:58:03 -0800 (PST) X-Google-Smtp-Source: ALg8bN56g5Ql4BvZc2flSEr0BJiOHeBQwskeD8KO4ZDePRvO3BsldlNP0EJJcjYjQh0I3N653ZLt X-Received: by 2002:a62:64d7:: with SMTP id y206mr6255516pfb.84.1547589483591; Tue, 15 Jan 2019 13:58:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547589483; cv=none; d=google.com; s=arc-20160816; b=VqpVwbFzZhAuIFTW05EBXw+YqhChSZgljlsn4Iipi3ot5WAh4q5RH9n2slxQ4Xk8Mk HU+ENmmCnpQWjPKaKsbILWkvY7Tt+l/p/71o3JpJ/A28IttIx32aMthC0KvC8Jt5Uu2P ym2WdMWFECE2XKmt0Fagl+f13Pjs9xUGNSdO2vk1iSf5t2NU6W4mbBHHUkjK2PU2JR/B JETwI/+TUd8TfUbgvNqCKBo1U2ZQCk9dWdL2Wl81taWL5ZxVbbGeGgnZz2H527O2yomS SKT/Gh6EgsOUFTV2H9GcfUlRXpQnR/RsFGQWYZSoNzIZD7RIW0IqqFSLq/U2dtx9FB3i wy/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=jomarTFYKar5u2nd62EaRigRgC2zMsY1JrMhCkMIPxc=; b=qhb75O7+QUJ/pMzm7tWDrgf/ZOPJdjbJFWkP+NFhMjoZbLNSE2JJCmwOrca+FnNUcN usIxXnmf9QaJ9EIO3RhS0CUsV6yGoD6NyQcmVAwGct9PnHwtsk8k3/tMh9nHoLD21T4V neDufPpj2rFdKgSmYdKpCbHPk2pklhvtORuML9JrNIPlUDRU0ePFE2NM8bfyCLuXWr8N JAjjemE7pTzFnWWQmByQR89zNInI4+/CF6mcMFRVB6XQO6g0FKkxdjFgLtxnq1ONZZQM Bsr15GSXOTYk0S83geJ7ki2q9xqnm5R0nqPe4d2zreuqvqfoRcFoTxkgXpF2kCbC8uSk O6Ig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fodX3Y3c; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id bb4si4295806plb.322.2019.01.15.13.57.47; Tue, 15 Jan 2019 13:58:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fodX3Y3c; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387439AbfAOQoA (ORCPT + 99 others); Tue, 15 Jan 2019 11:44:00 -0500 Received: from mail.kernel.org ([198.145.29.99]:33518 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727935AbfAOQn6 (ORCPT ); Tue, 15 Jan 2019 11:43:58 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E0DFF20645; Tue, 15 Jan 2019 16:43:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1547570637; bh=HfYJFEVVlvTpKImXtygTSn3bH2ziY7RHeXZOmtBnIXU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fodX3Y3c2RmUd2odUUp6gCqigpotG5II5/pvPNVem8tKXBjib0lWg8h3FoHuQv9wM f7s3EkCdk2P8+B/DZzFFokGi3CXgWNMgZqdajKpiaPWu6vBZj/Th5J41DRZEBigfC4 pGJgwp6yqhvZRNsHV+ALKbpOEhsBTR2x5/vhnKqw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Joe Perches , Steve French Subject: [PATCH 4.20 17/57] cifs: check kzalloc return Date: Tue, 15 Jan 2019 17:35:58 +0100 Message-Id: <20190115154911.673475852@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190115154910.734892368@linuxfoundation.org> References: <20190115154910.734892368@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.20-stable review patch. If anyone has any objections, please let me know. ------------------ From: Joe Perches commit 0544b324e62c177c3a9e9c3bdce22e6db9f34588 upstream. kzalloc can return NULL so an additional check is needed. While there is a check for ret_buf there is no check for the allocation of ret_buf->crfid.fid - this check is thus added. Both call-sites of tconInfoAlloc() check for NULL return of tconInfoAlloc() so returning NULL on failure of kzalloc() here seems appropriate. As the kzalloc() is the only thing here that can fail it is moved to the beginning so as not to initialize other resources on failure of kzalloc. Fixes: 3d4ef9a15343 ("smb3: fix redundant opens on root") Signed-off-by: Joe Perches Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman --- fs/cifs/misc.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -111,21 +111,27 @@ struct cifs_tcon * tconInfoAlloc(void) { struct cifs_tcon *ret_buf; - ret_buf = kzalloc(sizeof(struct cifs_tcon), GFP_KERNEL); - if (ret_buf) { - atomic_inc(&tconInfoAllocCount); - ret_buf->tidStatus = CifsNew; - ++ret_buf->tc_count; - INIT_LIST_HEAD(&ret_buf->openFileList); - INIT_LIST_HEAD(&ret_buf->tcon_list); - spin_lock_init(&ret_buf->open_file_lock); - mutex_init(&ret_buf->crfid.fid_mutex); - ret_buf->crfid.fid = kzalloc(sizeof(struct cifs_fid), - GFP_KERNEL); - spin_lock_init(&ret_buf->stat_lock); - atomic_set(&ret_buf->num_local_opens, 0); - atomic_set(&ret_buf->num_remote_opens, 0); + + ret_buf = kzalloc(sizeof(*ret_buf), GFP_KERNEL); + if (!ret_buf) + return NULL; + ret_buf->crfid.fid = kzalloc(sizeof(*ret_buf->crfid.fid), GFP_KERNEL); + if (!ret_buf->crfid.fid) { + kfree(ret_buf); + return NULL; } + + atomic_inc(&tconInfoAllocCount); + ret_buf->tidStatus = CifsNew; + ++ret_buf->tc_count; + INIT_LIST_HEAD(&ret_buf->openFileList); + INIT_LIST_HEAD(&ret_buf->tcon_list); + spin_lock_init(&ret_buf->open_file_lock); + mutex_init(&ret_buf->crfid.fid_mutex); + spin_lock_init(&ret_buf->stat_lock); + atomic_set(&ret_buf->num_local_opens, 0); + atomic_set(&ret_buf->num_remote_opens, 0); + return ret_buf; }