From: Greg Kroah-Hartman Date: Thu, 28 Sep 2017 13:34:10 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v3.18.73~41 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c03a6f74105da557b82f3925e1c8cb12a798850;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: cifs-release-auth_key.response-for-reconnect.patch cifs-release-cifs-root_cred-after-exit_cifs.patch
---
diff --git a/queue-4.4/cifs-release-auth_key.response-for-reconnect.patch b/queue-4.4/cifs-release-auth_key.response-for-reconnect.patch
new file mode 100644
index 00000000000..87780f595b1
--- /dev/null
+++ b/queue-4.4/cifs-release-auth_key.response-for-reconnect.patch
@@ -0,0 +1,58 @@
+From f5c4ba816315d3b813af16f5571f86c8d4e897bd Mon Sep 17 00:00:00 2001
+From: Shu Wang
+Date: Fri, 8 Sep 2017 18:48:33 +0800
+Subject: cifs: release auth_key.response for reconnect.
+
+From: Shu Wang
+
+commit f5c4ba816315d3b813af16f5571f86c8d4e897bd upstream.
+
+There is a race that cause cifs reconnect in cifs_mount,
+- cifs_mount
+ - cifs_get_tcp_session
+ - [ start thread cifs_demultiplex_thread
+ - cifs_read_from_socket: -ECONNABORTED
+ - DELAY_WORK smb2_reconnect_server ]
+ - cifs_setup_session
+ - [ smb2_reconnect_server ]
+
+auth_key.response was allocated in cifs_setup_session, and
+will release when the session destoried. So when session re-
+connect, auth_key.response should be check and released.
+
+Tested with my system:
+CIFS VFS: Free previous auth_key.response = ffff8800320bbf80
+
+A simple auth_key.response allocation call trace:
+- cifs_setup_session
+- SMB2_sess_setup
+- SMB2_sess_auth_rawntlmssp_authenticate
+- build_ntlmssp_auth_blob
+- setup_ntlmv2_rsp
+
+Signed-off-by: Shu Wang
+Signed-off-by: Steve French
+Reviewed-by: Ronnie Sahlberg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/cifs/connect.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -4060,6 +4060,14 @@ cifs_setup_session(const unsigned int xi
+ cifs_dbg(FYI, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d\n",
+ server->sec_mode, server->capabilities, server->timeAdj);
+ 
++ if (ses->auth_key.response) {
++ cifs_dbg(VFS, "Free previous auth_key.response = %p\n",
++ ses->auth_key.response);
++ kfree(ses->auth_key.response);
++ ses->auth_key.response = NULL;
++ ses->auth_key.len = 0;
++ }
++
+ if (server->ops->sess_setup)
+ rc = server->ops->sess_setup(xid, ses, nls_info);
+ 
diff --git a/queue-4.4/cifs-release-cifs-root_cred-after-exit_cifs.patch b/queue-4.4/cifs-release-cifs-root_cred-after-exit_cifs.patch
new file mode 100644
index 00000000000..07ec597926e
--- /dev/null
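Review bot: The `cifs_dbg(VFS, "Free previous auth_key.response = %p\n", ...)` added in the cifs_setup_session hunk prints a raw heap address at VFS (error) severity on every reconnect; on a 4.4 kernel `%p` is not hashed, so each re-established session writes a kernel pointer into dmesg for what is a normal event rather than an error, and it would be better as `cifs_dbg(FYI, "Free previous auth_key.response\n");`. The buffer being released appears to hold the NTLMv2 response material produced by setup_ntlmv2_rsp (per the allocation trace in the commit message), so `kzfree(ses->auth_key.response);` would be preferable to plain `kfree()` so that secret is cleared before the slab object is reused. The early release is only safe if every path into cifs_setup_session is serialized against the reconnect work the commit message describes (presumably under ses->session_mutex); that locking is outside the hunk and worth confirming. cifs_setup_session's body starts and ends outside the hunk.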
+++ b/queue-4.4/cifs-release-cifs-root_cred-after-exit_cifs.patch
@@ -0,0 +1,47 @@
+From 94183331e815617246b1baa97e0916f358c794bb Mon Sep 17 00:00:00 2001
+From: Shu Wang
+Date: Thu, 7 Sep 2017 16:03:27 +0800
+Subject: cifs: release cifs root_cred after exit_cifs
+
+From: Shu Wang
+
+commit 94183331e815617246b1baa97e0916f358c794bb upstream.
+
+memory leak was found by kmemleak. exit_cifs_spnego
+should be called before cifs module removed, or
+cifs root_cred will not be released.
+
+kmemleak report:
+unreferenced object 0xffff880070a3ce40 (size 192):
+ backtrace:
+ kmemleak_alloc+0x4a/0xa0
+ kmem_cache_alloc+0xc7/0x1d0
+ prepare_kernel_cred+0x20/0x120
+ init_cifs_spnego+0x2d/0x170 [cifs]
+ 0xffffffffc07801f3
+ do_one_initcall+0x51/0x1b0
+ do_init_module+0x60/0x1fd
+ load_module+0x161e/0x1b60
+ SYSC_finit_module+0xa9/0x100
+ SyS_finit_module+0xe/0x10
+
+Signed-off-by: Shu Wang
+Signed-off-by: Steve French
+Reviewed-by: Ronnie Sahlberg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/cifs/cifsfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/cifs/cifsfs.c
++++ b/fs/cifs/cifsfs.c
+@@ -1294,7 +1294,7 @@ exit_cifs(void)
+ exit_cifs_idmap();
+ #endif
+ #ifdef CONFIG_CIFS_UPCALL
+- unregister_key_type(&cifs_spnego_key_type);
++ exit_cifs_spnego();
+ #endif
+ cifs_destroy_request_bufs();
+ cifs_destroy_mids();
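Review bot: exit_cifs_spnego() replaces the direct unregister_key_type(&cifs_spnego_key_type) call in the exit_cifs hunk, but its body is outside the hunk, so the fix holds only if that helper both unregisters the key type and put_cred()s the root_cred that init_cifs_spnego obtained from prepare_kernel_cred (the object the kmemleak trace reports); dropping the unregister would reintroduce a key type that outlives the module. Since the call site sits under `#ifdef CONFIG_CIFS_UPCALL`, the helper presumably is defined under the same option, but that is not visible here. A one-line comment at the call site would make the pairing explicit: `/* undoes init_cifs_spnego(): unregisters the key type and drops root_cred */`. exit_cifs's body starts before the hunk.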