From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:36640 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750827AbbGaAnG (ORCPT ); Thu, 30 Jul 2015 20:43:06 -0400 Subject: Patch "Btrfs: fix memory leak in the extent_same ioctl" has been added to the 4.1-stable tree To: fdmanana@suse.com, gregkh@linuxfoundation.org, jtaylor.debian@googlemail.com, mfasheh@suse.de, ritter.marcel@gmail.com Cc: , From: Date: Thu, 30 Jul 2015 17:43:05 -0700 Message-ID: <14383033854971@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled Btrfs: fix memory leak in the extent_same ioctl to the 4.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: btrfs-fix-memory-leak-in-the-extent_same-ioctl.patch and it can be found in the queue-4.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From 497b4050e0eacd4c746dd396d14916b1e669849d Mon Sep 17 00:00:00 2001 From: Filipe Manana Date: Fri, 3 Jul 2015 08:36:11 +0100 Subject: Btrfs: fix memory leak in the extent_same ioctl From: Filipe Manana commit 497b4050e0eacd4c746dd396d14916b1e669849d upstream. We were allocating memory with memdup_user() but we were never releasing that memory. This affected pretty much every call to the ioctl, whether it deduplicated extents or not. This issue was reported on IRC by Julian Taylor and on the mailing list by Marcel Ritter, credit goes to them for finding the issue. Reported-by: Julian Taylor Reported-by: Marcel Ritter Signed-off-by: Filipe Manana Reviewed-by: Mark Fasheh Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/ioctl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2938,7 +2938,7 @@ out_unlock: static long btrfs_ioctl_file_extent_same(struct file *file, struct btrfs_ioctl_same_args __user *argp) { - struct btrfs_ioctl_same_args *same; + struct btrfs_ioctl_same_args *same = NULL; struct btrfs_ioctl_same_extent_info *info; struct inode *src = file_inode(file); u64 off; @@ -2968,6 +2968,7 @@ static long btrfs_ioctl_file_extent_same if (IS_ERR(same)) { ret = PTR_ERR(same); + same = NULL; goto out; } @@ -3038,6 +3039,7 @@ static long btrfs_ioctl_file_extent_same out: mnt_drop_write_file(file); + kfree(same); return ret; } Patches currently in stable-queue which might be from fdmanana@suse.com are queue-4.1/btrfs-fix-file-corruption-after-cloning-inline-extents.patch queue-4.1/btrfs-fix-race-between-caching-kthread-and-returning-inode-to-inode-cache.patch queue-4.1/btrfs-fix-list-transaction-pending_ordered-corruption.patch queue-4.1/btrfs-fix-memory-leak-in-the-extent_same-ioctl.patch queue-4.1/btrfs-use-kmem_cache_free-when-freeing-entry-in-inode-cache.patch queue-4.1/btrfs-fix-fsync-data-loss-after-append-write.patch