From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Aurelien Aptel, Ronnie Sahlberg, Steve French
Subject: [PATCH 4.9 05/36] cifs: fix memory leak in smb2_copychunk_range
Date: Mon, 24 May 2021 17:24:50 +0200
Message-Id: <20210524152324.340206658@linuxfoundation.org>

From: Ronnie Sahlberg

commit d201d7631ca170b038e7f8921120d05eec70d7c5 upstream.

When using smb2_copychunk_range() for large ranges we will
run through several iterations of a loop calling SMB2_ioctl()
but never actually free the returned buffer except for the final
iteration.
This leads to memory leaks every time a large copychunk is requested.

Fixes: 9bf0c9cd4314 ("CIFS: Fix SMB2/SMB3 Copy offload support (refcopy) for large files")
Cc:
Reviewed-by: Aurelien Aptel
Signed-off-by: Ronnie Sahlberg
Signed-off-by: Steve French
Signed-off-by: Greg Kroah-Hartman
---
 fs/cifs/smb2ops.c | 2 ++
 1 file changed, 2 insertions(+)

--- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -629,6 +629,8 @@ smb2_clone_range(const unsigned int xid, cpu_to_le32(min_t(u32, len, tcon->max_bytes_chunk)); /* Request server copy to target from src identified by key */ + kfree(retbuf); + retbuf = NULL; rc = SMB2_ioctl(xid, tcon, trgtfile->fid.persistent_fid, trgtfile->fid.volatile_fid, FSCTL_SRV_COPYCHUNK_WRITE, true /* is_fsctl */, (char *)pcchunk,
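
Review bot: In the smb2_clone_range hunk, the added kfree(retbuf); retbuf = NULL; lands between the existing comment "/* Request server copy to target from src identified by key */" and the SMB2_ioctl() call that comment describes, so the comment now reads as if it documents the free. Move the two added lines above that comment, or give them their own one-line comment saying they release the response buffer left over from the previous loop iteration. Freeing before the call rather than after the buffer is consumed is safe only if retbuf is NULL on the first pass (kfree(NULL) is a no-op) and the last buffer is still freed after the loop; neither the initialisation nor the final free is visible in this context, so both are worth confirming in the 4.9 tree. The subject and commit message name smb2_copychunk_range() while the hunk header shows smb2_clone_range, so a backport note stating the function name in this tree would help anyone matching the fix to the code.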