authorJiri Slaby <jslaby@suse.cz>2019-01-18 07:53:27 +0100
committerJiri Slaby <jslaby@suse.cz>2019-01-18 07:53:33 +0100
commitf533d4d46d412c6fcb49eedd0252ee74c1f3b86f (patch)
treeedf8924c9bdf46023e7b83c95bc0bf8a9dccf184
parent4fc3e06327370c733ea8a603d7667e16354f786b (diff)
cifs: check kzalloc return (bnc#1012628).
-rw-r--r--patches.kernel.org/4.20.3-017-cifs-check-kzalloc-return.patch77
-rw-r--r--series.conf1
2 files changed, 78 insertions, 0 deletions
diff --git a/patches.kernel.org/4.20.3-017-cifs-check-kzalloc-return.patch b/patches.kernel.org/4.20.3-017-cifs-check-kzalloc-return.patch
new file mode 100644
index 0000000000..169827255d
--- /dev/null
+++ b/patches.kernel.org/4.20.3-017-cifs-check-kzalloc-return.patch
@@ -0,0 +1,77 @@
+From: Joe Perches <joe@perches.com>
+Date: Thu, 20 Dec 2018 23:50:48 -0600
+Subject: [PATCH] cifs: check kzalloc return
+References: bnc#1012628
+Patch-mainline: 4.20.3
+Git-commit: 0544b324e62c177c3a9e9c3bdce22e6db9f34588
+
+commit 0544b324e62c177c3a9e9c3bdce22e6db9f34588 upstream.
+
+kzalloc can return NULL so an additional check is needed. While there
+is a check for ret_buf there is no check for the allocation of
+ret_buf->crfid.fid - this check is thus added. Both call-sites
+of tconInfoAlloc() check for NULL return of tconInfoAlloc()
+so returning NULL on failure of kzalloc() here seems appropriate.
+As the kzalloc() is the only thing here that can fail it is
+moved to the beginning so as not to initialize other resources
+on failure of kzalloc.
+
+Fixes: 3d4ef9a15343 ("smb3: fix redundant opens on root")
+
+Signed-off-by: Joe Perches <joe@perches.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ fs/cifs/misc.c | 34 ++++++++++++++++++++--------------
+ 1 file changed, 20 insertions(+), 14 deletions(-)
+
+diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
+index 8a41f4eba726..6f33253938cd 100644
+--- a/fs/cifs/misc.c
++++ b/fs/cifs/misc.c
+@@ -111,21 +111,27 @@ struct cifs_tcon *
+ tconInfoAlloc(void)
+ {
+ struct cifs_tcon *ret_buf;
+- ret_buf = kzalloc(sizeof(struct cifs_tcon), GFP_KERNEL);
+- if (ret_buf) {
+- atomic_inc(&tconInfoAllocCount);
+- ret_buf->tidStatus = CifsNew;
+- ++ret_buf->tc_count;
+- INIT_LIST_HEAD(&ret_buf->openFileList);
+- INIT_LIST_HEAD(&ret_buf->tcon_list);
+- spin_lock_init(&ret_buf->open_file_lock);
+- mutex_init(&ret_buf->crfid.fid_mutex);
+- ret_buf->crfid.fid = kzalloc(sizeof(struct cifs_fid),
+- GFP_KERNEL);
+- spin_lock_init(&ret_buf->stat_lock);
+- atomic_set(&ret_buf->num_local_opens, 0);
+- atomic_set(&ret_buf->num_remote_opens, 0);
++
++ ret_buf = kzalloc(sizeof(*ret_buf), GFP_KERNEL);
++ if (!ret_buf)
++ return NULL;
++ ret_buf->crfid.fid = kzalloc(sizeof(*ret_buf->crfid.fid), GFP_KERNEL);
++ if (!ret_buf->crfid.fid) {
++ kfree(ret_buf);
++ return NULL;
+ }
++
++ atomic_inc(&tconInfoAllocCount);
++ ret_buf->tidStatus = CifsNew;
++ ++ret_buf->tc_count;
++ INIT_LIST_HEAD(&ret_buf->openFileList);
++ INIT_LIST_HEAD(&ret_buf->tcon_list);
++ spin_lock_init(&ret_buf->open_file_lock);
++ mutex_init(&ret_buf->crfid.fid_mutex);
++ spin_lock_init(&ret_buf->stat_lock);
++ atomic_set(&ret_buf->num_local_opens, 0);
++ atomic_set(&ret_buf->num_remote_opens, 0);
++
+ return ret_buf;
+ }
+
+--
+2.20.1
+
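Review bot: tconInfoAlloc() in the embedded fs/cifs/misc.c change has no comment stating its contract, although it now has two failure exits that return NULL and hands back an object that owns a second allocation. I would add a short header above the function, for example `/* Returns a new cifs_tcon with crfid.fid allocated, or NULL if either kzalloc() fails; uses GFP_KERNEL, so may sleep. */`. The matching release path is not visible in this hunk, so it is worth confirming that whatever frees the tcon also frees `ret_buf->crfid.fid`. The commit message's claim that both call sites check for NULL can likewise only be verified outside this patch.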
diff --git a/series.conf b/series.conf
index 8fb158166e..20a625ebaa 100644
--- a/series.conf
+++ b/series.conf
@@ -254,6 +254,7 @@
patches.kernel.org/4.20.3-014-CIFS-Do-not-hide-EINTR-after-sending-network-p.patch
patches.kernel.org/4.20.3-015-CIFS-Fix-credit-computation-for-compounded-req.patch
patches.kernel.org/4.20.3-016-cifs-Fix-potential-OOB-access-of-lock-element-.patch
+ patches.kernel.org/4.20.3-017-cifs-check-kzalloc-return.patch
########################################################
# Build fixes that apply to the vanilla kernel too.