tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()

smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(),
so we should not call it again after post_sendmsg()
moved it to the batch list.

Reported-by: Ruikai Peng <ruikai@pwno.io>
Closes: https://lore.kernel.org/linux-cifs/CAFD3drNOSJ05y3A+jNXSDxW-2w09KHQ0DivhxQ_pcc7immVVOQ@mail.gmail.com/
Fixes: 34abd408c8ba ("smb: server: make use of smbdirect_socket.send_io.bcredits")
Cc: stable@kernel.org
Cc: Steve French <smfrench@gmail.com>
Cc: Tom Talpey <tom@talpey.com>
Cc: Ruikai Peng <ruikai@pwno.io>
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: linux-cifs@vger.kernel.org
Cc: samba-technical@lists.samba.org
Cc: security@kernel.org
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Acked-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Tested-by: Ruikai Peng <ruikai@pwno.io>
Signed-off-by: Steve French <stfrench@microsoft.com>

authored by

Stefan Metzmacher and committed by
Steve French 84ff995a 27b7c3e9

+7 -1
+7 -1
fs/smb/server/transport_rdma.c
··· 1588 1588 if (ret) 1589 1589 goto err; 1590 1590 1591 + /* 1592 + * From here msg is moved to send_ctx 1593 + * and we should not free it explicitly. 1594 + */ 1595 + 1591 1596 if (send_ctx == &_send_ctx) { 1592 1597 ret = smb_direct_flush_send_list(sc, send_ctx, true); 1593 1598 if (ret) 1594 - goto err; 1599 + goto flush_failed; 1595 1600 } 1596 1601 1597 1602 return 0; 1598 1603 err: 1599 1604 smb_direct_free_sendmsg(sc, msg); 1605 + flush_failed: 1600 1606 header_failed: 1601 1607 atomic_inc(&sc->send_io.credits.count); 1602 1608 credit_failed: