From: Greg Kroah-Hartman
Date: Mon, 24 May 2021 09:00:03 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v4.4.270~64
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8f88776d6c322f97ddff378929ffe8119821a05a;p=thirdparty%2Fkernel%2Fstable-queue.git
4.4-stable patches
added patches:
cifs-fix-memory-leak-in-smb2_copychunk_range.patch
---
diff --git a/queue-4.4/cifs-fix-memory-leak-in-smb2_copychunk_range.patch b/queue-4.4/cifs-fix-memory-leak-in-smb2_copychunk_range.patch
new file mode 100644
index 00000000000..653de0094ad
--- /dev/null
+++ b/queue-4.4/cifs-fix-memory-leak-in-smb2_copychunk_range.patch
@@ -0,0 +1,36 @@
+From d201d7631ca170b038e7f8921120d05eec70d7c5 Mon Sep 17 00:00:00 2001
+From: Ronnie Sahlberg
+Date: Wed, 19 May 2021 08:40:11 +1000
+Subject: cifs: fix memory leak in smb2_copychunk_range
+
+From: Ronnie Sahlberg
+
+commit d201d7631ca170b038e7f8921120d05eec70d7c5 upstream.
+
+When using smb2_copychunk_range() for large ranges we will
+run through several iterations of a loop calling SMB2_ioctl()
+but never actually free the returned buffer except for the final
+iteration.
+This leads to memory leaks everytime a large copychunk is requested.
+
+Fixes: 9bf0c9cd4314 ("CIFS: Fix SMB2/SMB3 Copy offload support (refcopy) for large files")
+Cc:
+Reviewed-by: Aurelien Aptel
+Signed-off-by: Ronnie Sahlberg
+Signed-off-by: Steve French
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/cifs/smb2ops.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -619,6 +619,8 @@ smb2_clone_range(const unsigned int xid,
+ cpu_to_le32(min_t(u32, len, tcon->max_bytes_chunk));
+
+ /* Request server copy to target from src identified by key */
++ kfree(retbuf);
++ retbuf = NULL;
+ rc = SMB2_ioctl(xid, tcon, trgtfile->fid.persistent_fid,
+ trgtfile->fid.volatile_fid, FSCTL_SRV_COPYCHUNK_WRITE,
+ true /* is_fsctl */, (char *)pcchunk,
diff --git a/queue-4.4/series b/queue-4.4/series
index 10780d80075..cfbf4b15f30 100644
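Review bot: The added `kfree(retbuf); retbuf = NULL;` in the smb2_clone_range hunk sits between the existing "Request server copy" comment and the SMB2_ioctl() call that comment describes, and the reset to NULL has no explanation. I would move the two lines above that comment and give them their own, e.g. `/* free the previous iteration's response; NULL so a later kfree() cannot free it twice */`. Presumably the function's exit path also frees retbuf (the commit message says only the final iteration's buffer was released), which is what would make the NULL reset matter if SMB2_ioctl() fails before assigning it; that path, like the rest of the loop, is outside the hunk. The subject still names smb2_copychunk_range while the hunk in this tree applies to smb2_clone_range, so a one-line backport note in the queued patch would help anyone tracing the fix.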
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -1,3 +1,4 @@
 openrisc-fix-a-memory-leak.patch
 scsi-qla2xxx-fix-error-return-code-in-qla82xx_write_.patch
 ptrace-make-ptrace-fail-if-the-tracee-changed-its-pi.patch
+cifs-fix-memory-leak-in-smb2_copychunk_range.patch