linux/fs/smb/client
Shuhao Fu ab529e6ca1 fs/smb: Fix inconsistent refcnt update
A possible inconsistent update of refcount was identified in `smb2_compound_op`.
Such inconsistent update could lead to possible resource leaks.

Why it is a possible bug:
1. In the comment section of the function, it clearly states that the
reference to `cfile` should be dropped after calling this function.
2. Every control flow path would check and drop the reference to
`cfile`, except the patched one.
3. Existing callers would not handle refcount update of `cfile` if
-ENOMEM is returned.

To fix the bug, an extra goto label "out" is added, to make sure that the
cleanup logic would always be respected. As the problem is caused by the
allocation failure of `vars`, the cleanup logic between label "finished"
and "out" can be safely ignored. According to the definition of function
`is_replayable_error`, the error code of "-ENOMEM" is not recoverable.
Therefore, the replay logic also gets ignored.

Signed-off-by: Shuhao Fu <sfual@cse.ust.hk>
Acked-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
2025-08-27 14:59:06 -05:00
compress move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
Kconfig smb: client: Deduplicate "select NETFS_SUPPORT" in Kconfig 2024-12-19 09:24:35 -06:00
Makefile cifs: Move the SMB1 transport code out of transport.c 2025-08-06 12:01:54 -05:00
asn1.c smb3: add support for IAKerb 2025-01-31 12:51:44 -06:00
cached_dir.c cifs: add new field to track the last access time of cfid 2025-07-27 16:59:59 -05:00
cached_dir.h smb3 client: add way to show directory leases for improved debugging 2025-07-31 09:42:54 -05:00
cifs_debug.c smb: client: make use of smbdirect_socket.recv_io.reassembly.* 2025-08-06 15:04:14 -05:00
cifs_debug.h
cifs_fs_sb.h smb:client: smb: client: Add reverse mapping from tcon to superblocks 2025-03-31 21:12:31 -05:00
cifs_ioctl.h smb: minor fix to use SMB2_NTLMV2_SESSKEY_SIZE for auth_key size 2025-06-21 11:03:25 -05:00
cifs_spnego.c cifs: avoid extra calls to strlen() in cifs_get_spnego_key() 2025-08-11 23:20:26 -05:00
cifs_spnego.h
cifs_spnego_negtokeninit.asn1
cifs_swn.c
cifs_swn.h
cifs_unicode.c cifs: Fix creating native symlinks pointing to current or parent directory 2024-10-06 22:57:12 -05:00
cifs_unicode.h
cifsacl.c cifs: add validation check for the fields in smb_aces 2025-03-26 14:51:14 -05:00
cifsacl.h smb: client: Correct typos in multiple comments across various files 2024-10-02 17:52:24 -05:00
cifsencrypt.c smb: client: fix session setup against servers that require SPN 2025-07-27 16:59:59 -05:00
cifsfs.c smb3 client: fix return code mapping of remap_file_range 2025-08-25 09:40:38 -05:00
cifsfs.h cifs: update internal version number 2025-08-13 11:36:20 -05:00
cifsglob.h smb: client: fix mid_q_entry memleak leak with per-mid locking 2025-08-13 11:36:05 -05:00
cifspdu.h cifs: Correctly set SMB1 SessionKey field in Session Setup Request 2025-06-01 20:43:49 -05:00
cifsproto.h cifs: Move the SMB1 transport code out of transport.c 2025-08-06 12:01:54 -05:00
cifsroot.c
cifssmb.c smb: client: fix creating symlinks under POSIX mounts 2025-08-04 19:29:14 -05:00
cifstransport.c smb: client: fix mid_q_entry memleak leak with per-mid locking 2025-08-13 11:36:05 -05:00
compress.c cifs: Fix collect_sample() to handle any iterator type 2025-08-11 23:20:07 -05:00
compress.h
connect.c smb: client: remove redundant lstrp update in negotiate protocol 2025-08-13 11:36:24 -05:00
dfs.c smb: client: don't trust DFSREF_STORAGE_SERVER bit 2025-02-05 21:09:00 -06:00
dfs.h smb: client: get rid of kstrdup() in get_ses_refpath() 2025-02-05 21:09:07 -06:00
dfs_cache.c smb: client: get rid of kstrdup() in get_ses_refpath() 2025-02-05 21:09:07 -06:00
dfs_cache.h
dir.c smb: invalidate and close cached directory when creating child entries 2025-07-13 17:16:29 -05:00
dns_resolve.c smb: client: provide dns_resolve_{unc,name} helpers 2025-01-19 19:34:00 -06:00
dns_resolve.h smb: client: provide dns_resolve_{unc,name} helpers 2025-01-19 19:34:00 -06:00
export.c
file.c vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
fs_context.c smb: client: default to nonativesocket under POSIX mounts 2025-08-04 19:29:10 -05:00
fs_context.h smb: client: set symlink type as native for POSIX mounts 2025-08-01 00:16:19 -05:00
fscache.c
fscache.h
inode.c smb: client: fix race with concurrent opens in rename(2) 2025-08-10 12:39:51 -05:00
ioctl.c smb: minor fix to use SMB2_NTLMV2_SESSKEY_SIZE for auth_key size 2025-06-21 11:03:25 -05:00
link.c smb: client: fix creating symlinks under POSIX mounts 2025-08-04 19:29:14 -05:00
misc.c cifs: all initializations for tcon should happen in tcon_info_alloc 2025-06-30 14:44:44 -05:00
namespace.c 13 smb3/cifs client fixes 2025-06-03 16:04:29 -07:00
netlink.c
netlink.h
netmisc.c cifs: Change translation of STATUS_PRIVILEGE_NOT_HELD to -EPERM 2025-01-29 16:52:25 -06:00
nterr.c cifs: Change translation of STATUS_NOT_A_REPARSE_POINT to -ENODATA 2025-01-26 23:12:03 -06:00
nterr.h cifs: Change translation of STATUS_NOT_A_REPARSE_POINT to -ENODATA 2025-01-26 23:12:03 -06:00
ntlmssp.h
readdir.c smb: client: fix readdir returning wrong type with POSIX extensions 2025-06-29 16:16:29 -05:00
reparse.c smb: client: set symlink type as native for POSIX mounts 2025-08-01 00:16:19 -05:00
reparse.h cifs: Add support for creating reparse points over SMB1 2025-07-27 17:43:08 -05:00
rfc1002pdu.h cifs: Fix endian types in struct rfc1002_session_packet 2025-01-19 19:34:00 -06:00
sess.c cifs: reset iface weights when we cannot find a candidate 2025-07-27 16:59:58 -05:00
smb1ops.c smb: client: add mid_counter_lock to protect the mid counter counter 2025-08-05 11:29:00 -05:00
smb2file.c cifs: Do not add FILE_READ_ATTRIBUTES when using GENERIC_READ/EXECUTE/ALL 2025-04-01 04:58:09 -05:00
smb2glob.h cifs: Improve SMB2+ stat() to work also without FILE_READ_ATTRIBUTES 2025-04-01 04:58:05 -05:00
smb2inode.c fs/smb: Fix inconsistent refcnt update 2025-08-27 14:59:06 -05:00
smb2maperror.c cifs: Change translation of STATUS_PRIVILEGE_NOT_HELD to -EPERM 2025-01-29 16:52:25 -06:00
smb2misc.c cifs: avoid NULL pointer dereference in dbg call 2025-03-24 09:45:07 -05:00
smb2ops.c cifs: Fix oops due to uninitialised variable 2025-08-19 11:16:14 -05:00
smb2pdu.c five smb3 client fixes 2025-07-05 13:05:28 -07:00
smb2pdu.h smb: client: correctly handle ErrorContextData as a flexible array 2025-01-19 19:34:00 -06:00
smb2proto.h cifs: Add support for creating reparse points over SMB1 2025-07-27 17:43:08 -05:00
smb2transport.c smb: client: fix mid_q_entry memleak leak with per-mid locking 2025-08-13 11:36:05 -05:00
smbdirect.c smb: client: don't wait for info->send_pending == 0 on error 2025-08-13 11:36:12 -05:00
smbdirect.h smb: client: only use a single wait_queue to monitor smbdirect connection status 2025-08-07 12:40:11 -05:00
smbencrypt.c
smberr.h
trace.c
trace.h smb: client: remove \t from TP_printk statements 2025-06-25 13:51:50 -05:00
transport.c smb: client: fix mid_q_entry memleak leak with per-mid locking 2025-08-13 11:36:05 -05:00
unc.c
winucase.c
xattr.c cifs: Add a new xattr system.smb3_ntsd_owner for getting or setting owner 2025-04-01 01:54:17 -05:00