From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Shuhao Fu <sfual@cse.ust.hk>,
Steve French <stfrench@microsoft.com>
Subject: [PATCH 6.6 001/105] smb: client: Fix refcount leak for cifs_sb_tlink
Date: Tue, 21 Oct 2025 21:50:10 +0200 [thread overview]
Message-ID: <20251021195021.530455975@linuxfoundation.org> (raw)
In-Reply-To: <20251021195021.492915002@linuxfoundation.org>
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shuhao Fu <sfual@cse.ust.hk>
commit c2b77f42205ef485a647f62082c442c1cd69d3fc upstream.
Fix three refcount inconsistency issues related to `cifs_sb_tlink`.
Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be
called after successful calls to `cifs_sb_tlink()`. Three calls fail to
update refcount accordingly, leading to possible resource leaks.
Fixes: 8ceb98437946 ("CIFS: Move rename to ops struct")
Fixes: 2f1afe25997f ("cifs: Use smb 2 - 3 and cifsacl mount options getacl functions")
Fixes: 366ed846df60 ("cifs: Use smb 2 - 3 and cifsacl mount options setacl function")
Cc: stable@vger.kernel.org
Signed-off-by: Shuhao Fu <sfual@cse.ust.hk>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/inode.c | 6 ++++--
fs/smb/client/smb2ops.c | 8 ++++----
2 files changed, 8 insertions(+), 6 deletions(-)
--- a/fs/smb/client/inode.c
+++ b/fs/smb/client/inode.c
@@ -2319,8 +2319,10 @@ cifs_do_rename(const unsigned int xid, s
tcon = tlink_tcon(tlink);
server = tcon->ses->server;
- if (!server->ops->rename)
- return -ENOSYS;
+ if (!server->ops->rename) {
+ rc = -ENOSYS;
+ goto do_rename_exit;
+ }
/* try path-based rename first */
rc = server->ops->rename(xid, tcon, from_dentry,
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -3072,8 +3072,7 @@ get_smb2_acl_by_path(struct cifs_sb_info
utf16_path = cifs_convert_path_to_utf16(path, cifs_sb);
if (!utf16_path) {
rc = -ENOMEM;
- free_xid(xid);
- return ERR_PTR(rc);
+ goto put_tlink;
}
oparms = (struct cifs_open_parms) {
@@ -3105,6 +3104,7 @@ get_smb2_acl_by_path(struct cifs_sb_info
SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid);
}
+put_tlink:
cifs_put_tlink(tlink);
free_xid(xid);
@@ -3145,8 +3145,7 @@ set_smb2_acl(struct smb_ntsd *pnntsd, __
utf16_path = cifs_convert_path_to_utf16(path, cifs_sb);
if (!utf16_path) {
rc = -ENOMEM;
- free_xid(xid);
- return rc;
+ goto put_tlink;
}
oparms = (struct cifs_open_parms) {
@@ -3167,6 +3166,7 @@ set_smb2_acl(struct smb_ntsd *pnntsd, __
SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid);
}
+put_tlink:
cifs_put_tlink(tlink);
free_xid(xid);
return rc;
next prev parent reply other threads:[~2025-10-21 19:52 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-21 19:50 [PATCH 6.6 000/105] 6.6.114-rc1 review Greg Kroah-Hartman
2025-10-21 19:50 ` Greg Kroah-Hartman [this message]
2025-10-21 19:50 ` [PATCH 6.6 002/105] r8152: add error handling in rtl8152_driver_init Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 003/105] KVM: arm64: Prevent access to vCPU events before init Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 004/105] f2fs: fix wrong block mapping for multi-devices Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 005/105] jbd2: ensure that all ongoing I/O complete before freeing blocks Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 006/105] ext4: wait for ongoing I/O to " Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 007/105] ext4: detect invalid INLINE_DATA + EXTENTS flag combination Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 008/105] btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 009/105] btrfs: fix incorrect readahead expansion length Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 010/105] btrfs: do not assert we found block group item when creating free space tree Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 011/105] can: gs_usb: gs_make_candev(): populate net_device->dev_port Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 012/105] can: gs_usb: increase max interface to U8_MAX Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 013/105] cifs: parse_dfs_referrals: prevent oob on malformed input Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 014/105] drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 015/105] drm/amdgpu: use atomic functions with memory barriers for vm fault info Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 016/105] drm/amd: Check whether secure display TA loaded successfully Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 017/105] cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 018/105] Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 019/105] epoll: Remove ep_scan_ready_list() in comments Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 020/105] eventpoll: Replace rwlock with spinlock Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 021/105] drm/msm/adreno: De-spaghettify the use of memory barriers Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 022/105] drm/msm/a6xx: Fix PDC sleep sequence Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 023/105] drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 024/105] drm/exynos: exynos7_drm_decon: properly clear channels during bind Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 025/105] drm/exynos: exynos7_drm_decon: remove ctx->suspended Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 026/105] media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 027/105] media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 028/105] usb: gadget: Store endpoint pointer in usb_request Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 029/105] usb: gadget: Introduce free_usb_request helper Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 030/105] usb: gadget: f_ecm: Refactor bind path to use __free() Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 031/105] usb: gadget: f_acm: " Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 032/105] usb: gadget: f_ncm: " Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 033/105] usb: gadget: f_rndis: " Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 034/105] HID: multitouch: fix sticky fingers Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 035/105] dax: skip read lock assertion for read-only filesystems Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 036/105] can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 037/105] net: dlink: handle dma_map_single() failure properly Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 038/105] doc: fix seg6_flowlabel path Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 039/105] r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 040/105] net/ip6_tunnel: Prevent perpetual tunnel growth Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 041/105] amd-xgbe: Avoid spurious link down messages during interface toggle Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 042/105] tcp: fix tcp_tso_should_defer() vs large RTT Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 043/105] tg3: prevent use of uninitialized remote_adv and local_adv variables Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 044/105] tls: trim encrypted message to match the plaintext on short splice Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 045/105] net: tls: wait for async completion on last message Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 046/105] tls: wait for async encrypt in case of error during latter iterations of sendmsg Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 047/105] tls: always set record_type in tls_process_cmsg Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 048/105] tls: wait for pending async decryptions if tls_strp_msg_hold fails Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 049/105] tls: dont rely on tx_work during send() Greg Kroah-Hartman
2025-10-21 19:50 ` [PATCH 6.6 050/105] net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 051/105] net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 052/105] nvme-multipath: Skip nr_active increments in RETRY disposition Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 053/105] riscv: kprobes: Fix probe address validation Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 054/105] drm/bridge: lt9211: Drop check for last nibble of version register Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 055/105] ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 056/105] ASoC: nau8821: Cancel jdet_work before handling jack ejection Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 057/105] ASoC: nau8821: Generalize helper to clear IRQ status Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 058/105] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 059/105] drm/i915/guc: Skip communication warning on reset in progress Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 060/105] drm/amd/powerplay: Fix CIK shutdown temperature Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 061/105] drm/rockchip: vop2: use correct destination rectangle height check Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 062/105] sched/balancing: Rename newidle_balance() => sched_balance_newidle() Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 063/105] sched/fair: Fix pelt lost idle time detection Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 064/105] ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 065/105] accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 066/105] selftests/bpf: make arg_parsing.c more robust to crashes Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 067/105] ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 068/105] HID: hid-input: only ignore 0 battery events for digitizers Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 069/105] HID: multitouch: fix name of Stylus input devices Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 070/105] selftests: arg_parsing: Ensure data is flushed to disk before reading Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 071/105] hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 072/105] arm64: cputype: Add Neoverse-V3AE definitions Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 073/105] arm64: errata: Apply workarounds for Neoverse-V3AE Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 074/105] block: fix race between set_blocksize and read paths Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 075/105] nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 076/105] NFSD: Rework encoding and decoding of nfsd4_deviceid Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 077/105] NFSD: Minor cleanup in layoutcommit processing Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 078/105] NFSD: Fix last write offset handling in layoutcommit Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 079/105] xfs: rename the old_crc variable in xlog_recover_process Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 080/105] xfs: fix log CRC mismatches between i386 and other architectures Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 081/105] PM: runtime: Add new devm functions Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 082/105] iio: imu: inv_icm42600: Simplify pm_runtime setup Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 083/105] phy: cdns-dphy: Store hs_clk_rate and return it Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 084/105] phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 085/105] iio: imu: inv_icm42600: reorganize DMA aligned buffers in structure Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 086/105] iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 087/105] xfs: use deferred intent items for reaping crosslinked blocks Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 088/105] padata: Reset next CPU when reorder sequence wraps around Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 089/105] quota: remove unneeded return value of register_quota_format Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 090/105] fs: quota: create dedicated workqueue for quota_release_work Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 091/105] NFSD: Define a proc_layoutcommit for the FlexFiles layout type Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 092/105] vfs: Dont leak disconnected dentries on umount Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 093/105] ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 094/105] phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 095/105] PCI: Add PCI_VDEVICE_SUB helper macro Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 096/105] ixgbevf: Add support for Intel(R) E610 device Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 097/105] ixgbevf: fix getting link speed data for E610 devices Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 098/105] ixgbevf: fix mailbox API compatibility by negotiating supported features Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 099/105] nfsd: decouple the xprtsec policy check from check_nfsd_access() Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 100/105] PCI/sysfs: Ensure devices are powered for config reads (part 2) Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 101/105] ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 102/105] mm/ksm: fix flag-dropping behavior in ksm_madvise Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 103/105] PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 104/105] PCI: j721e: Fix programming sequence of "strap" settings Greg Kroah-Hartman
2025-10-21 19:51 ` [PATCH 6.6 105/105] PCI: tegra194: Reset BARs when running in PCIe endpoint mode Greg Kroah-Hartman
2025-10-22 2:46 ` [PATCH 6.6 000/105] 6.6.114-rc1 review Florian Fainelli
2025-10-22 5:18 ` Hardik Garg
2025-10-22 5:34 ` Peter Schneider
2025-10-22 8:56 ` Brett A C Sheffield
2025-10-22 10:43 ` Ron Economos
2025-10-22 12:05 ` Naresh Kamboju
2025-10-22 13:09 ` Pavel Machek
2025-10-22 14:53 ` Mark Brown
2025-10-22 15:05 ` Jon Hunter
2025-10-22 16:17 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251021195021.530455975@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=patches@lists.linux.dev \
--cc=sfual@cse.ust.hk \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).