CIFS: Fix possible memory leaks in SMB2 code

and add missed increments of failed async read and write requests. Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
author: Pavel Shilovsky <piastry@etersoft.ru> 2012-09-19 08:03:26 -0400
committer: Steve French <smfrench@gmail.com> 2012-09-24 22:46:34 -0400
commit: e5d04887196ee30423c79e52043d418e04012954 (patch)
tree: c251c3827b3def8c95d9e5b700c8de9ae42c2b12 /fs/cifs/smb2pdu.c
parent: e4e3703555b6eb1afa0be86a45cd3c8bccb6cb08 (diff)
1 files changed, 14 insertions, 9 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 1572abefb378..a7db95f4760c 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1218,13 +1218,13 @@ query_info(const unsigned int xid, struct cifs_tcon *tcon,
        iov[0].iov_len = get_rfc1002_length(req) + 4;
        rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0);
+        rsp = (struct smb2_query_info_rsp *)iov[0].iov_base;
        if (rc) {
                cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
                goto qinf_exit;
        }
-        rsp = (struct smb2_query_info_rsp *)iov[0].iov_base;
        rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset),
                                   le32_to_cpu(rsp->OutputBufferLength),
                                   &rsp->hdr, min_len, data);
@@ -1485,8 +1485,10 @@ smb2_async_readv(struct cifs_readdata *rdata)
        rc = cifs_call_async(io_parms.tcon->ses->server, &rqst,
                             cifs_readv_receive, smb2_readv_callback,
                             rdata, 0);
-        if (rc)
+        if (rc) {
                kref_put(&rdata->refcount, cifs_readdata_release);
+                cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE);
+        }
        cifs_small_buf_release(buf);
        return rc;
@@ -1643,8 +1645,10 @@ smb2_async_writev(struct cifs_writedata *wdata)
        rc = cifs_call_async(tcon->ses->server, &rqst, NULL,
                                smb2_writev_callback, wdata, 0);
-        if (rc)
+        if (rc) {
                kref_put(&wdata->refcount, cifs_writedata_release);
+                cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
+        }
 async_writev_out:
        cifs_small_buf_release(req);
@@ -1700,15 +1704,15 @@ SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms,
        rc = SendReceive2(xid, io_parms->tcon->ses, iov, n_vec + 1,
                          &resp_buftype, 0);
+        rsp = (struct smb2_write_rsp *)iov[0].iov_base;
        if (rc) {
                cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE);
                cERROR(1, "Send error in write = %d", rc);
-        } else {
+        } else
-                rsp = (struct smb2_write_rsp *)iov[0].iov_base;
                *nbytes = le32_to_cpu(rsp->DataLength);
-                free_rsp_buf(resp_buftype, rsp);
-        }
+        free_rsp_buf(resp_buftype, rsp);
        return rc;
 }
@@ -1828,11 +1832,12 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
        inc_rfc1001_len(req, len - 1 /* Buffer */);
        rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0);
+        rsp = (struct smb2_query_directory_rsp *)iov[0].iov_base;
        if (rc) {
                cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);
                goto qdir_exit;
        }
-        rsp = (struct smb2_query_directory_rsp *)iov[0].iov_base;
        rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),
                          le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,
author	Pavel Shilovsky <piastry@etersoft.ru>	2012-09-19 08:03:26 -0400
committer	Steve French <smfrench@gmail.com>	2012-09-24 22:46:34 -0400
commit	e5d04887196ee30423c79e52043d418e04012954 (patch)
tree	c251c3827b3def8c95d9e5b700c8de9ae42c2b12 /fs/cifs/smb2pdu.c
parent	e4e3703555b6eb1afa0be86a45cd3c8bccb6cb08 (diff)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 1572abefb378..a7db95f4760c 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c
@@ -1218,13 +1218,13 @@ query_info(const unsigned int xid, struct cifs_tcon *tcon,
1218	iov[0].iov_len = get_rfc1002_length(req) + 4;	1218	iov[0].iov_len = get_rfc1002_length(req) + 4;
1219		1219
1220	rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0);	1220	rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0);
		1221	rsp = (struct smb2_query_info_rsp *)iov[0].iov_base;
		1222
1221	if (rc) {	1223	if (rc) {
1222	cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);	1224	cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
1223	goto qinf_exit;	1225	goto qinf_exit;
1224	}	1226	}
1225		1227
1226	rsp = (struct smb2_query_info_rsp *)iov[0].iov_base;
1227
1228	rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset),	1228	rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset),
1229	le32_to_cpu(rsp->OutputBufferLength),	1229	le32_to_cpu(rsp->OutputBufferLength),
1230	&rsp->hdr, min_len, data);	1230	&rsp->hdr, min_len, data);
@@ -1485,8 +1485,10 @@ smb2_async_readv(struct cifs_readdata *rdata)
1485	rc = cifs_call_async(io_parms.tcon->ses->server, &rqst,	1485	rc = cifs_call_async(io_parms.tcon->ses->server, &rqst,
1486	cifs_readv_receive, smb2_readv_callback,	1486	cifs_readv_receive, smb2_readv_callback,
1487	rdata, 0);	1487	rdata, 0);
1488	if (rc)	1488	if (rc) {
1489	kref_put(&rdata->refcount, cifs_readdata_release);	1489	kref_put(&rdata->refcount, cifs_readdata_release);
		1490	cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE);
		1491	}
1490		1492
1491	cifs_small_buf_release(buf);	1493	cifs_small_buf_release(buf);
1492	return rc;	1494	return rc;
@@ -1643,8 +1645,10 @@ smb2_async_writev(struct cifs_writedata *wdata)
1643	rc = cifs_call_async(tcon->ses->server, &rqst, NULL,	1645	rc = cifs_call_async(tcon->ses->server, &rqst, NULL,
1644	smb2_writev_callback, wdata, 0);	1646	smb2_writev_callback, wdata, 0);
1645		1647
1646	if (rc)	1648	if (rc) {
1647	kref_put(&wdata->refcount, cifs_writedata_release);	1649	kref_put(&wdata->refcount, cifs_writedata_release);
		1650	cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
		1651	}
1648		1652
1649	async_writev_out:	1653	async_writev_out:
1650	cifs_small_buf_release(req);	1654	cifs_small_buf_release(req);
@@ -1700,15 +1704,15 @@ SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms,
1700		1704
1701	rc = SendReceive2(xid, io_parms->tcon->ses, iov, n_vec + 1,	1705	rc = SendReceive2(xid, io_parms->tcon->ses, iov, n_vec + 1,
1702	&resp_buftype, 0);	1706	&resp_buftype, 0);
		1707	rsp = (struct smb2_write_rsp *)iov[0].iov_base;
1703		1708
1704	if (rc) {	1709	if (rc) {
1705	cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE);	1710	cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE);
1706	cERROR(1, "Send error in write = %d", rc);	1711	cERROR(1, "Send error in write = %d", rc);
1707	} else {	1712	} else
1708	rsp = (struct smb2_write_rsp *)iov[0].iov_base;
1709	*nbytes = le32_to_cpu(rsp->DataLength);	1713	*nbytes = le32_to_cpu(rsp->DataLength);
1710	free_rsp_buf(resp_buftype, rsp);	1714
1711	}	1715	free_rsp_buf(resp_buftype, rsp);
1712	return rc;	1716	return rc;
1713	}	1717	}
1714		1718
@@ -1828,11 +1832,12 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
1828	inc_rfc1001_len(req, len - 1 /* Buffer */);	1832	inc_rfc1001_len(req, len - 1 /* Buffer */);
1829		1833
1830	rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0);	1834	rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0);
		1835	rsp = (struct smb2_query_directory_rsp *)iov[0].iov_base;
		1836
1831	if (rc) {	1837	if (rc) {
1832	cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);	1838	cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);
1833	goto qdir_exit;	1839	goto qdir_exit;
1834	}	1840	}
1835	rsp = (struct smb2_query_directory_rsp *)iov[0].iov_base;
1836		1841
1837	rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),	1842	rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),
1838	le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,	1843	le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,