Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp315611ybt; Sat, 13 Jun 2020 05:30:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyFNnnqgcXBvSyfRqyN3V0ZLDb+NEn7jQjz6h8S1rdRb6Jnlw/8zWtG0XOLiqIU/NGIfFv1 X-Received: by 2002:a50:afa5:: with SMTP id h34mr16224931edd.34.1592051430146; Sat, 13 Jun 2020 05:30:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592051430; cv=none; d=google.com; s=arc-20160816; b=vQW+rMHwi8RpH1R46SqC2GvZrLwsIMqLFsKSpeZ9TFV8IRHuV9hNb1iOJBeIDgWAra XoC7JpRShuMRYr7dBKVge4oYud+X3bQ5B7FhFPD+Yey9Xk9k/qfKGfunTnCrOrp/uf67 TicBQf1HfW/+3w4P9ITFF9wXVSPI3EKxMMIKFy22voJ8FDdv1t8fC5vHJRKuCszNWxFW 54oP37dWA2j54vNSeWU59hXxAzFzStunOAj8yI2iD4iZbVb9yrIilI6MqX4QV0y+hSsF IUgqi28MFWUokbKrKC2dS9yJF31kYPtfFzuEFKIl0GunyGTXC+pxjFm93pZlTJpaSPdn RAfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=yYKEFGQVrzH801SxfuGZN+l0zsAnE+ezwtbbFK7MRMM=; b=hsM1gDSJdshHo+QJokcOHTarmqCgogO3W9YMlJ+8mQ5DRMaVC2U81Ja7iMURhwRAtk L1qpa2fSoJQOUyGcOb1UM3Ogg5Kkt4AmLi11AGrhyL2S3KFpqwli99uSdKX3Iug2afBg lo1ngFaK1iybLuKnZ/vkvGk4RfjS9RvaqBtR2SCX/DaOIdOaLINVTIOMTKhDQk6iUYwl ydjxYane4mAT4CXUS0GJLWbW4RA39elFRJ0wiuVJ+BJajRe9m6+Oe+4RCJjFmpO7nmLt eMcc+Rbed6w/tn4+GWSMyZFSr1ZnnVNI6CVL58+HT97hEyR3lpxCgcIUh9e6IwNkGr3S BpxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fudan.edu.cn header.s=dkim header.b=huyz4bTp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fudan.edu.cn Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y16si5481682ejw.501.2020.06.13.05.30.06; Sat, 13 Jun 2020 05:30:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@fudan.edu.cn header.s=dkim header.b=huyz4bTp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fudan.edu.cn Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726115AbgFMM2K (ORCPT + 99 others); Sat, 13 Jun 2020 08:28:10 -0400 Received: from mail.fudan.edu.cn ([202.120.224.10]:40697 "EHLO fudan.edu.cn" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726021AbgFMM2K (ORCPT ); Sat, 13 Jun 2020 08:28:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fudan.edu.cn; s=dkim; h=Received:From:To:Cc:Subject:Date: Message-Id; bh=yYKEFGQVrzH801SxfuGZN+l0zsAnE+ezwtbbFK7MRMM=; b=h uyz4bTpwJgl7Ofp9qbz6jPA4RodOOWcrUs+ZaojGv8a4mzdcUAqs2dmo3kge9PW2 vcOBH9c3E/IZNeNGr0hYo7y+vBQZhBxw0tMwUfoj248CfzNXwzdDQhZFv+71e4L6 x23TPQXfgO9yv8RxIJO1C4IuzXRdaIi31TRzTx+FMw= Received: from localhost.localdomain (unknown [120.229.255.202]) by app1 (Coremail) with SMTP id XAUFCgD3VhA+xuRe4KUYAA--.20537S3; Sat, 13 Jun 2020 20:27:44 +0800 (CST) From: Xiyu Yang To: Steve French , linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, linux-kernel@vger.kernel.org Cc: yuanxzhang@fudan.edu.cn, kjlu@umn.edu, Xiyu Yang , Xin Tan Subject: [PATCH] cifs: Fix cached_fid refcnt leak in open_shroot Date: Sat, 13 Jun 2020 20:27:09 +0800 Message-Id: <1592051229-93898-1-git-send-email-xiyuyang19@fudan.edu.cn> X-Mailer: git-send-email 2.7.4 X-CM-TRANSID: XAUFCgD3VhA+xuRe4KUYAA--.20537S3 X-Coremail-Antispam: 1UD129KBjvJXoW7JF4kur1UJF17GF4DGw4fuFg_yoW8JF4rpF sxKr47KFZYga4kt34vy39Ygw1FkayDJw1YqF1qqa4UJr43X39YqrsagryDX3y3GFWvyF4Y qrsF93s0yF4DCFDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUkC14x267AKxVW8JVW5JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02 1l84ACjcxK6xIIjxv20xvE14v26w1j6s0DM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26F4U JVW0owA2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267AKxVW0oV Cq3wAac4AC62xK8xCEY4vEwIxC4wAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC 0VAKzVAqx4xG6I80ewAv7VC0I7IYx2IY67AKxVWUJVWUGwAv7VC2z280aVAFwI0_Jr0_Gr 1lOx8S6xCaFVCjc4AY6r1j6r4UM4x0Y48IcxkI7VAKI48JM4x0x7Aq67IIx4CEVc8vx2IE rcIFxwCF04k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02F40E14 v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_Jw0_GFylIxkG c2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxVAFwI 0_Jr0_Gr1lIxAIcVCF04k26cxKx2IYs7xG6rW3Jr0E3s1lIxAIcVC2z280aVAFwI0_Jr0_ Gr1lIxAIcVC2z280aVCY1x0267AKxVWUJVW8JbIYCTnIWIevJa73UjIFyTuYvjfUOlksUU UUU X-CM-SenderInfo: irzsiiysuqikmy6i3vldqovvfxof0/ Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org open_shroot() invokes kref_get(), which increases the refcount of the "tcon->crfid" object. When open_shroot() returns not zero, it means the open operation failed and close_shroot() will not be called to decrement the refcount of the "tcon->crfid". The reference counting issue happens in one normal path of open_shroot(). When the cached root have been opened successfully in a concurrent process, the function increases the refcount and jump to "oshr_free" to return. However the current return value "rc" may not equal to 0, thus the increased refcount will not be balanced outside the function, causing a refcnt leak. Fix this issue by setting the value of "rc" to 0 before jumping to "oshr_free" label. Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan --- fs/cifs/smb2ops.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 736d86b8a910..28553d45604e 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -763,6 +763,7 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, /* close extra handle outside of crit sec */ SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid); } + rc = 0; goto oshr_free; } -- 2.7.4