git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
Revert "cifs: fix memory leak in SMB2_read"
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 23 May 2019 08:47:04 +0000 (10:47 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 25 May 2019 16:25:19 +0000 (18:25 +0200)
This reverts commit c54a881d793e3eea2a1b1460c5778b22128821ea which is
commit 05fd5c2c61732152a6bddc318aae62d7e436629b upstream.

Lars writes:
This patch should not be in 4.14-stable because
088aaf17aa79300cab14dbee2569c58cfafd7d6e was for 4.18+.

Now we have a double-free crash in SMB2_read because there are 2
calls to cifs_small_buf_release in the error path.

It was a mistake to backport it this far, so let's revert it.

Reported-by: Lars Persson <lists@bofh.nu>
Cc: Ronnie Sahlberg <lsahlber@redhat.com>
Cc: Pavel Shilovsky <pshilov@microsoft.com>
Cc: Steve French <stfrench@microsoft.com>
Cc: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/cifs/smb2pdu.c

index 7936eac5a38a2eb9fe52b65ea84ecec06e8d10df..fd2d199dd413e1386c0ef573abe3736da2d111b8 100644 (file)
@@ -2699,7 +2699,6 @@ SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
                        cifs_dbg(VFS, "Send error in read = %d\n", rc);
                }
                free_rsp_buf(resp_buftype, rsp_iov.iov_base);
-               cifs_small_buf_release(req);
                return rc == -ENODATA ? 0 : rc;
        }
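Review bot: The error path ending at `return rc == -ENODATA ? 0 : rc;` no longer releases `req` within the visible lines, and the other `cifs_small_buf_release` call that the commit message refers to is outside this hunk's context, so the diff alone does not show that `req` is still freed exactly once on this path. Consider naming in the commit message where the remaining release sits in the 4.14 version of SMB2_read, so a reader can confirm the revert removes the double free without reintroducing the leak the original patch targeted. A `Fixes:` line pointing at c54a881d793e would also make the backport mistake easier to trace from the stable tree history.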