Commit 89bb430f authored by Ziyan Xu's avatar Ziyan Xu Committed by Steve French
Browse files

ksmbd: fix refcount leak causing resource not released 



When ksmbd_conn_releasing(opinfo->conn) returns true,the refcount was not
decremented properly, causing a refcount leak that prevents the count from
reaching zero and the memory from being released.

Cc: stable@vger.kernel.org
Signed-off-by: default avatarZiyan Xu <ziyan@securitygossip.com>
Signed-off-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent c0d41112

fs/smb/server/oplock.c

+10 −3
Original line number Diff line number Diff line
@@ -1102,8 +1102,10 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, 
			if (!atomic_inc_not_zero(&opinfo->refcount))

				continue;



			if (ksmbd_conn_releasing(opinfo->conn))

			if (ksmbd_conn_releasing(opinfo->conn)) {

				opinfo_put(opinfo);

				continue;

			}



			oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE, NULL);

			opinfo_put(opinfo);
@@ -1139,8 +1141,11 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) 
			if (!atomic_inc_not_zero(&opinfo->refcount))

				continue;



			if (ksmbd_conn_releasing(opinfo->conn))

			if (ksmbd_conn_releasing(opinfo->conn)) {

				opinfo_put(opinfo);

				continue;

			}



			oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE, NULL);

			opinfo_put(opinfo);

		}
@@ -1343,8 +1348,10 @@ void smb_break_all_levII_oplock(struct ksmbd_work *work, struct ksmbd_file *fp, 
		if (!atomic_inc_not_zero(&brk_op->refcount))

			continue;



		if (ksmbd_conn_releasing(brk_op->conn))

		if (ksmbd_conn_releasing(brk_op->conn)) {

			opinfo_put(brk_op);

			continue;

		}



		if (brk_op->is_lease && (brk_op->o_lease->state &

		    (~(SMB2_LEASE_READ_CACHING_LE |