Merge tag 'v5.2-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:
 "Four small smb3 fixes, one for stable"

* tag 'v5.2-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
  dfs_cache: fix a wrong use of kfree in flush_cache_ent()
  fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free
  cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case

3 files changed, 11 insertions, 6 deletions

diff --git a/fs/cifs/dfs_cache.c b/fs/cifs/dfs_cache.c
index 85dc89d3a203..e3e1c13df439 100644
--- a/fs/cifs/dfs_cache.c
+++ b/fs/cifs/dfs_cache.c
@@ -132,7 +132,7 @@ static inline void flush_cache_ent(struct dfs_cache_entry *ce)
                 return;
 
         hlist_del_init_rcu(&ce->ce_hlist);
-        kfree(ce->ce_path);
+        kfree_const(ce->ce_path);
         free_tgts(ce);
         dfs_cache_count--;
         call_rcu(&ce->ce_rcu, free_cache_entry);
@@ -422,7 +422,7 @@ alloc_cache_entry(const char *path, const struct dfs_info3_param *refs,
 
         rc = copy_ref_data(refs, numrefs, ce, NULL);
         if (rc) {
-                kfree(ce->ce_path);
+                kfree_const(ce->ce_path);
                 kmem_cache_free(dfs_cache_slab, ce);
                 ce = ERR_PTR(rc);
         }
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index ce9a5be11df5..06e27ac6d82c 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -3216,7 +3216,9 @@ cifs_read_allocate_pages(struct cifs_readdata *rdata, unsigned int nr_pages)
         }
 
         if (rc) {
-                for (i = 0; i < nr_pages; i++) {
+                unsigned int nr_page_failed = i;
+
+                for (i = 0; i < nr_page_failed; i++) {
                         put_page(rdata->pages[i]);
                         rdata->pages[i] = NULL;
                 }
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 710ceb875161..29b699d532ef 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1054,7 +1054,8 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon)
                  * not supported error. Client should accept it.
                  */
                 cifs_dbg(VFS, "Server does not support validate negotiate\n");
-                return 0;
+                rc = 0;
+                goto out_free_inbuf;
         } else if (rc != 0) {
                 cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc);
                 rc = -EIO;
@@ -2619,10 +2620,12 @@ SMB2_ioctl_init(struct cifs_tcon *tcon, struct smb_rqst *rqst,
 void
 SMB2_ioctl_free(struct smb_rqst *rqst)
 {
+        int i;
         if (rqst && rqst->rq_iov) {
                 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
-                if (rqst->rq_iov[1].iov_len)
-                        kfree(rqst->rq_iov[1].iov_base);
+                for (i = 1; i < rqst->rq_nvec; i++)
+                        if (rqst->rq_iov[i].iov_base != smb2_padding)
+                                kfree(rqst->rq_iov[i].iov_base);
         }
 }