| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200518173544.207122094@linuxfoundation.org>
Date: Mon, 18 May 2020 19:37:26 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Adam McCoy <adam@...sedomani.com>,
Steve French <stfrench@...rosoft.com>,
Pavel Shilovsky <pshilov@...rosoft.com>
Subject: [PATCH 5.6 156/194] cifs: fix leaked reference on requeued write
From: Adam McCoy <adam@...sedomani.com>
commit a48137996063d22ffba77e077425f49873856ca5 upstream.
Failed async writes that are requeued may not clean up a refcount
on the file, which can result in a leaked open. This scenario arises
very reliably when using persistent handles and a reconnect occurs
while writing.
cifs_writev_requeue only releases the reference if the write fails
(rc != 0). The server->ops->async_writev operation will take its own
reference, so the initial reference can always be released.
Signed-off-by: Adam McCoy <adam@...sedomani.com>
Signed-off-by: Steve French <stfrench@...rosoft.com>
CC: Stable <stable@...r.kernel.org>
Reviewed-by: Pavel Shilovsky <pshilov@...rosoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
fs/cifs/cifssmb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -2138,8 +2138,8 @@ cifs_writev_requeue(struct cifs_writedat
}
}
+ kref_put(&wdata2->refcount, cifs_writedata_release);
if (rc) {
- kref_put(&wdata2->refcount, cifs_writedata_release);
if (is_retryable_error(rc))
continue;
i += nr_pages;
Powered by blists - more mailing lists