--- /dev/null
+From 652727bbe1b17993636346716ae5867627793647 Mon Sep 17 00:00:00 2001
+From: Frank Sorenson <sorenson@redhat.com>
+Date: Tue, 16 Apr 2019 08:37:27 -0500
+Subject: cifs: do not attempt cifs operation on smb2+ rename error
+
+From: Frank Sorenson <sorenson@redhat.com>
+
+commit 652727bbe1b17993636346716ae5867627793647 upstream.
+
+A path-based rename returning EBUSY will incorrectly try opening
+the file with a cifs (NT Create AndX) operation on an smb2+ mount,
+which causes the server to force a session close.
+
+If the mount is smb2+, skip the fallback.
+
+Signed-off-by: Frank Sorenson <sorenson@redhat.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+CC: Stable <stable@vger.kernel.org>
+Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/inode.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/cifs/inode.c
++++ b/fs/cifs/inode.c
+@@ -1735,6 +1735,10 @@ cifs_do_rename(const unsigned int xid, s
+ if (rc == 0 || rc != -EBUSY)
+ goto do_rename_exit;
+
++ /* Don't fall back to using SMB on SMB 2+ mount */
++ if (server->vals->protocol_id != 0)
++ goto do_rename_exit;
++
+ /* open-file renames don't work across directories */
+ if (to_dentry->d_parent != from_dentry->d_parent)
+ goto do_rename_exit;
--- /dev/null
+From 05fd5c2c61732152a6bddc318aae62d7e436629b Mon Sep 17 00:00:00 2001
+From: Ronnie Sahlberg <lsahlber@redhat.com>
+Date: Tue, 23 Apr 2019 16:39:45 +1000
+Subject: cifs: fix memory leak in SMB2_read
+
+From: Ronnie Sahlberg <lsahlber@redhat.com>
+
+commit 05fd5c2c61732152a6bddc318aae62d7e436629b upstream.
+
+Commit 088aaf17aa79300cab14dbee2569c58cfafd7d6e introduced a leak where
+if SMB2_read() returned an error we would return without freeing the
+request buffer.
+
+Cc: Stable <stable@vger.kernel.org>
+Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2pdu.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -3285,6 +3285,7 @@ SMB2_read(const unsigned int xid, struct
+ rc);
+ }
+ free_rsp_buf(resp_buftype, rsp_iov.iov_base);
++ cifs_small_buf_release(req);
+ return rc == -ENODATA ? 0 : rc;
+ } else
+ trace_smb3_read_done(xid, req->PersistentFileId,
powerpc-vdso32-fix-clock_monotonic-on-ppc64.patch
alsa-hda-ca0132-fix-build-error-without-config_pci.patch
net-dsa-mv88e6xxx-add-call-to-mv88e6xxx_ports_cmode_.patch
+cifs-fix-memory-leak-in-smb2_read.patch
+cifs-do-not-attempt-cifs-operation-on-smb2-rename-error.patch
+tracing-fix-a-memory-leak-by-early-error-exit-in-trace_pid_write.patch
--- /dev/null
+From 91862cc7867bba4ee5c8fcf0ca2f1d30427b6129 Mon Sep 17 00:00:00 2001
+From: Wenwen Wang <wang6495@umn.edu>
+Date: Fri, 19 Apr 2019 21:22:59 -0500
+Subject: tracing: Fix a memory leak by early error exit in trace_pid_write()
+
+From: Wenwen Wang <wang6495@umn.edu>
+
+commit 91862cc7867bba4ee5c8fcf0ca2f1d30427b6129 upstream.
+
+In trace_pid_write(), the buffer for trace parser is allocated through
+kmalloc() in trace_parser_get_init(). Later on, after the buffer is used,
+it is then freed through kfree() in trace_parser_put(). However, it is
+possible that trace_pid_write() is terminated due to unexpected errors,
+e.g., ENOMEM. In that case, the allocated buffer will not be freed, which
+is a memory leak bug.
+
+To fix this issue, free the allocated buffer when an error is encountered.
+
+Link: http://lkml.kernel.org/r/1555726979-15633-1-git-send-email-wang6495@umn.edu
+
+Fixes: f4d34a87e9c10 ("tracing: Use pid bitmap instead of a pid array for set_event_pid")
+Cc: stable@vger.kernel.org
+Signed-off-by: Wenwen Wang <wang6495@umn.edu>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/trace.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -496,8 +496,10 @@ int trace_pid_write(struct trace_pid_lis
+ * not modified.
+ */
+ pid_list = kmalloc(sizeof(*pid_list), GFP_KERNEL);
+- if (!pid_list)
++ if (!pid_list) {
++ trace_parser_put(&parser);
+ return -ENOMEM;
++ }
+
+ pid_list->pid_max = READ_ONCE(pid_max);
+
+@@ -507,6 +509,7 @@ int trace_pid_write(struct trace_pid_lis
+
+ pid_list->pids = vzalloc((pid_list->pid_max + 7) >> 3);
+ if (!pid_list->pids) {
++ trace_parser_put(&parser);
+ kfree(pid_list);
+ return -ENOMEM;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
