From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43CEAC10F11 for ; Mon, 15 Apr 2019 08:31:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id AB52120651 for ; Mon, 15 Apr 2019 08:31:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1555317067; bh=W6MT20VYBTeb/RhuN5peccFU13kOqF1XOJA3v9zL/jU=; h=Subject:To:Cc:From:Date:List-ID:From; b=Tg6t8GRYbRGiQMsQuoKqOLLkq4R/Bw4xosBS7/47ffh57V1oFgYO1Cszwm93ocIkZ JyBhbgpwQZtksqBZ+3K5uManml8fe0NZl/tpHx/Lnpe0xWSIUBHzTPAV1SVxUDDXTw z1QFNeOVxemaJwTXTR9szknjDOCAVxIPfjvBJGds= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726683AbfDOIbH (ORCPT ); Mon, 15 Apr 2019 04:31:07 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:45171 "EHLO out1-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725972AbfDOIbH (ORCPT ); Mon, 15 Apr 2019 04:31:07 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id DDF6925E58; Mon, 15 Apr 2019 04:31:05 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Mon, 15 Apr 2019 04:31:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=BsvC3e 8t3q5dq2T1a0gaXuW+/vUwmqyxfv0+DKcfSjI=; b=NQQjI/bDNU/dno1ZyE//OH 5e6Ys95VsYEam5Y+b4//jpUQ2pFGdHbufilLJMP/We+7oOVTS2l9HWL7SeS3r5XO 4DntchmXcOweRBwAi07Y+Jhi3qKZhPreaQRxbuIGoon62gB1nfKWHg1SsSmfMs8Y zwEz/rftqsD8ZvSaMylhJ3w6fk09XksPavu/b9SHLAxlygUsSgMInDgymuuzfZwH RUOKwtNOi5E1XL/7Rt07NI8C/PbdDp44yz16bGQtzOlth8mhDuPwv1QzBSAHncis +9zDQIwK/mKk15GvJlAXLDyfOVvIn9zbLoLQVdvkoWjElz/c0vgh8eHC9I0gJvBw == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrvdelgddtgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepuffvhfffkfggtgfgsehtkeertddttd flnecuhfhrohhmpeeoghhrvghgkhhhsehlihhnuhigfhhouhhnuggrthhiohhnrdhorhhg qeenucfkphepkeefrdekiedrkeelrddutdejnecurfgrrhgrmhepmhgrihhlfhhrohhmpe hgrhgvgheskhhrohgrhhdrtghomhenucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) by mail.messagingengine.com (Postfix) with ESMTPA id 6074B103C9; Mon, 15 Apr 2019 04:31:05 -0400 (EDT) Subject: FAILED: patch "[PATCH] cifs: fix kref underflow in close_shroot()" failed to apply to 4.19-stable tree To: lsahlber@redhat.com, stable@vger.kernel.org, stfrench@microsoft.com Cc: From: Date: Mon, 15 Apr 2019 10:31:02 +0200 Message-ID: <15553170629575@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to . thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2f94a3125b8742b05a011d62b16f52eb8f9ebe1c Mon Sep 17 00:00:00 2001 From: Ronnie Sahlberg Date: Thu, 28 Mar 2019 11:20:02 +1000 Subject: [PATCH] cifs: fix kref underflow in close_shroot() Fix a bug where we used to not initialize the cached fid structure at all in open_shroot() if the open was successful but we did not get a lease. This would leave the structure uninitialized and later when we close the handle we would in close_shroot() try to kref_put() an uninitialized refcount. Fix this by always initializing this structure if the open was successful but only do the extra get() if we got a lease. This extra get() is only used to hold the structure until we get a lease break from the server at which point we will kref_put() it during lease processing. Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French CC: Stable diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 1022a3771e14..7cfafac255aa 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -717,20 +717,18 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, struct cifs_fid *pfid) oparms.fid->mid = le64_to_cpu(o_rsp->sync_hdr.MessageId); #endif /* CIFS_DEBUG2 */ - if (o_rsp->OplockLevel == SMB2_OPLOCK_LEVEL_LEASE) - oplock = smb2_parse_lease_state(server, o_rsp, - &oparms.fid->epoch, - oparms.fid->lease_key); - else - goto oshr_exit; - - memcpy(tcon->crfid.fid, pfid, sizeof(struct cifs_fid)); tcon->crfid.tcon = tcon; tcon->crfid.is_valid = true; kref_init(&tcon->crfid.refcount); - kref_get(&tcon->crfid.refcount); + if (o_rsp->OplockLevel == SMB2_OPLOCK_LEVEL_LEASE) { + kref_get(&tcon->crfid.refcount); + oplock = smb2_parse_lease_state(server, o_rsp, + &oparms.fid->epoch, + oparms.fid->lease_key); + } else + goto oshr_exit; qi_rsp = (struct smb2_query_info_rsp *)rsp_iov[1].iov_base; if (le32_to_cpu(qi_rsp->OutputBufferLength) < sizeof(struct smb2_file_all_info))