diff mbox series

[5/8] cifs: create SMB2_open_init()/SMB2_open_free() helpers.

Message ID 20180725050134.6638-6-lsahlber@redhat.com
State New
Headers show
Series cifs: add compounding support | expand

Commit Message

Ronnie Sahlberg July 25, 2018, 5:01 a.m. UTC 
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
---
 fs/cifs/smb2pdu.c   | 145 +++++++++++++++++++++++++++-------------------------
 fs/cifs/smb2proto.h |   4 ++
 2 files changed, 78 insertions(+), 71 deletions(-)

Comments

Aurélien Aptel July 31, 2018, 11:41 a.m. UTC | #1 
I think there's a leak here:

Ronnie Sahlberg <lsahlber@redhat.com> writes:
> +		copy_size = uni_path_len;
> +		if (copy_size % 8 != 0)
> +			copy_size = roundup(copy_size, 8);
> +		copy_path = kzalloc(copy_size, GFP_KERNEL);
> +		if (!copy_path)
> +			return -ENOMEM;
> +		memcpy((char *)copy_path, (const char *)path,
> +		       uni_path_len);
> +		uni_path_len = copy_size;
> +		path = copy_path;

We still allocate the paths

> @@ -2163,12 +2138,8 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
>  	else {
>  		rc = add_lease_context(server, iov, &n_iov,
>  				       oparms->fid->lease_key, oplock);
> -		if (rc) {
> -			cifs_small_buf_release(req);
> -			kfree(copy_path);
> +		if (rc)
>  			return rc;
> -		}
> -		lc_buf = iov[n_iov-1].iov_base;
>  	}
>  
>  	if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) {
> @@ -2182,13 +2153,8 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
>  
>  		rc = add_durable_context(iov, &n_iov, oparms,
>  					tcon->use_persistent);
> -		if (rc) {
> -			cifs_small_buf_release(req);
> -			kfree(copy_path);
> -			kfree(lc_buf);
> +		if (rc)
>  			return rc;
> -		}
> -		dhc_buf = iov[n_iov-1].iov_base;
>  	}
>  
>  	if (tcon->posix_extensions) {
> @@ -2200,23 +2166,63 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
>  		}
>  
>  		rc = add_posix_context(iov, &n_iov, oparms->mode);
> -		if (rc) {
> -			cifs_small_buf_release(req);
> -			kfree(copy_path);
> -			kfree(lc_buf);
> -			kfree(dhc_buf);
> +		if (rc)
>  			return rc;
> -		}
> -		pc_buf = iov[n_iov-1].iov_base;
>  	}
>  
> +	rqst->rq_nvec = n_iov;
> +	return 0;
> +}
> +
> +/* rq_iov[0] is the request and is released by cifs_small_buf_release().
> + * All other vectors are freed by kfree().
> + */
> +void
> +SMB2_open_free(struct smb_rqst *rqst) {
> +	int i;
> +
> +	cifs_small_buf_release(rqst->rq_iov[0].iov_base);
> +	for (i = 1; i < rqst->rq_nvec; i++)
> +		kfree(rqst->rq_iov[i].iov_base);
> +}

But it seems we never free them now


> @@ -2253,10 +2259,7 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
>  	else
>  		*oplock = rsp->OplockLevel;
>  creat_exit:
> -	kfree(copy_path);
> -	kfree(lc_buf);
> -	kfree(dhc_buf);
> -	kfree(pc_buf);
> +	SMB2_open_free(&rqst);
>  	free_rsp_buf(resp_buftype, rsp);
>  	return rc;
>  }

Not here either.
Ronnie Sahlberg July 31, 2018, 11:24 p.m. UTC | #2 
I think it is ok. We allocate path but assign it to the iov. (which is rqst->rq_iov)

This is later kfree()d in SMB2_open_free()





----- Original Message -----
> From: "Aurélien Aptel" <aaptel@suse.com>
> To: "Ronnie Sahlberg" <lsahlber@redhat.com>, "linux-cifs" <linux-cifs@vger.kernel.org>
> Cc: "Steve French" <smfrench@gmail.com>
> Sent: Tuesday, 31 July, 2018 9:41:08 PM
> Subject: Re: [PATCH 5/8] cifs: create SMB2_open_init()/SMB2_open_free() helpers.
> 
> I think there's a leak here:
> 
> Ronnie Sahlberg <lsahlber@redhat.com> writes:
> > +		copy_size = uni_path_len;
> > +		if (copy_size % 8 != 0)
> > +			copy_size = roundup(copy_size, 8);
> > +		copy_path = kzalloc(copy_size, GFP_KERNEL);
> > +		if (!copy_path)
> > +			return -ENOMEM;
> > +		memcpy((char *)copy_path, (const char *)path,
> > +		       uni_path_len);
> > +		uni_path_len = copy_size;
> > +		path = copy_path;
> 
> We still allocate the paths
> 
> > @@ -2163,12 +2138,8 @@ SMB2_open(const unsigned int xid, struct
> > cifs_open_parms *oparms, __le16 *path,
> >  	else {
> >  		rc = add_lease_context(server, iov, &n_iov,
> >  				       oparms->fid->lease_key, oplock);
> > -		if (rc) {
> > -			cifs_small_buf_release(req);
> > -			kfree(copy_path);
> > +		if (rc)
> >  			return rc;
> > -		}
> > -		lc_buf = iov[n_iov-1].iov_base;
> >  	}
> >  
> >  	if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) {
> > @@ -2182,13 +2153,8 @@ SMB2_open(const unsigned int xid, struct
> > cifs_open_parms *oparms, __le16 *path,
> >  
> >  		rc = add_durable_context(iov, &n_iov, oparms,
> >  					tcon->use_persistent);
> > -		if (rc) {
> > -			cifs_small_buf_release(req);
> > -			kfree(copy_path);
> > -			kfree(lc_buf);
> > +		if (rc)
> >  			return rc;
> > -		}
> > -		dhc_buf = iov[n_iov-1].iov_base;
> >  	}
> >  
> >  	if (tcon->posix_extensions) {
> > @@ -2200,23 +2166,63 @@ SMB2_open(const unsigned int xid, struct
> > cifs_open_parms *oparms, __le16 *path,
> >  		}
> >  
> >  		rc = add_posix_context(iov, &n_iov, oparms->mode);
> > -		if (rc) {
> > -			cifs_small_buf_release(req);
> > -			kfree(copy_path);
> > -			kfree(lc_buf);
> > -			kfree(dhc_buf);
> > +		if (rc)
> >  			return rc;
> > -		}
> > -		pc_buf = iov[n_iov-1].iov_base;
> >  	}
> >  
> > +	rqst->rq_nvec = n_iov;
> > +	return 0;
> > +}
> > +
> > +/* rq_iov[0] is the request and is released by cifs_small_buf_release().
> > + * All other vectors are freed by kfree().
> > + */
> > +void
> > +SMB2_open_free(struct smb_rqst *rqst) {
> > +	int i;
> > +
> > +	cifs_small_buf_release(rqst->rq_iov[0].iov_base);
> > +	for (i = 1; i < rqst->rq_nvec; i++)
> > +		kfree(rqst->rq_iov[i].iov_base);
> > +}
> 
> But it seems we never free them now
> 
> 
> > @@ -2253,10 +2259,7 @@ SMB2_open(const unsigned int xid, struct
> > cifs_open_parms *oparms, __le16 *path,
> >  	else
> >  		*oplock = rsp->OplockLevel;
> >  creat_exit:
> > -	kfree(copy_path);
> > -	kfree(lc_buf);
> > -	kfree(dhc_buf);
> > -	kfree(pc_buf);
> > +	SMB2_open_free(&rqst);
> >  	free_rsp_buf(resp_buftype, rsp);
> >  	return rc;
> >  }
> 
> Not here either.
> 
> --
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
> SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
> GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox series

Patch

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 0b4d7ebb812d..3a7a8c2c6963 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2054,44 +2054,28 @@  int smb311_posix_mkdir(const unsigned int xid, struct inode *inode,
 }
 
 int
-SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
-	  __u8 *oplock, struct smb2_file_all_info *buf,
-	  struct kvec *err_iov, int *buftype)
+SMB2_open_init(struct cifs_tcon *tcon, struct smb_rqst *rqst, __u8 *oplock,
+	       struct cifs_open_parms *oparms, __le16 *path)
 {
-	struct smb_rqst rqst;
+	struct TCP_Server_Info *server = tcon->ses->server;
 	struct smb2_create_req *req;
-	struct smb2_create_rsp *rsp;
-	struct TCP_Server_Info *server;
-	struct cifs_tcon *tcon = oparms->tcon;
-	struct cifs_ses *ses = tcon->ses;
-	struct kvec iov[5]; /* make sure at least one for each open context */
-	struct kvec rsp_iov = {NULL, 0};
-	int resp_buftype;
-	int uni_path_len;
-	__le16 *copy_path = NULL;
-	int copy_size;
-	int rc = 0;
 	unsigned int n_iov = 2;
 	__u32 file_attributes = 0;
-	char *dhc_buf = NULL, *lc_buf = NULL, *pc_buf = NULL;
-	int flags = 0;
+	int copy_size;
+	int uni_path_len;
 	unsigned int total_len;
-
-	cifs_dbg(FYI, "create/open\n");
-
-	if (ses && (ses->server))
-		server = ses->server;
-	else
-		return -EIO;
+	struct kvec *iov = rqst->rq_iov;
+	__le16 *copy_path;
+	int rc;
 
 	rc = smb2_plain_req_init(SMB2_CREATE, tcon, (void **) &req, &total_len);
+	iov[0].iov_base = (char *)req;
+	/* -1 since last byte is buf[0] which is sent below (path) */
+	iov[0].iov_len = total_len - 1;
 
 	if (rc)
 		return rc;
 
-	if (smb3_encryption_required(tcon))
-		flags |= CIFS_TRANSFORM_REQ;
-
 	if (oparms->create_options & CREATE_OPTION_READONLY)
 		file_attributes |= ATTR_READONLY;
 	if (oparms->create_options & CREATE_OPTION_SPECIAL)
@@ -2104,11 +2088,6 @@  SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
 	req->ShareAccess = FILE_SHARE_ALL_LE;
 	req->CreateDisposition = cpu_to_le32(oparms->disposition);
 	req->CreateOptions = cpu_to_le32(oparms->create_options & CREATE_OPTIONS_MASK);
-
-	iov[0].iov_base = (char *)req;
-	/* -1 since last byte is buf[0] which is sent below (path) */
-	iov[0].iov_len = total_len - 1;
-
 	req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));
 
 	/* [MS-SMB2] 2.2.13 NameOffset:
@@ -2126,10 +2105,8 @@  SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
 		rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
 						 &name_len,
 						 tcon->treeName, path);
-		if (rc) {
-			cifs_small_buf_release(req);
+		if (rc)
 			return rc;
-		}
 		req->NameLength = cpu_to_le16(name_len * 2);
 		uni_path_len = copy_size;
 		path = copy_path;
@@ -2137,18 +2114,16 @@  SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
 		uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2;
 		/* MUST set path len (NameLength) to 0 opening root of share */
 		req->NameLength = cpu_to_le16(uni_path_len - 2);
-		if (uni_path_len % 8 != 0) {
-			copy_size = roundup(uni_path_len, 8);
-			copy_path = kzalloc(copy_size, GFP_KERNEL);
-			if (!copy_path) {
-				cifs_small_buf_release(req);
-				return -ENOMEM;
-			}
-			memcpy((char *)copy_path, (const char *)path,
-			       uni_path_len);
-			uni_path_len = copy_size;
-			path = copy_path;
-		}
+		copy_size = uni_path_len;
+		if (copy_size % 8 != 0)
+			copy_size = roundup(copy_size, 8);
+		copy_path = kzalloc(copy_size, GFP_KERNEL);
+		if (!copy_path)
+			return -ENOMEM;
+		memcpy((char *)copy_path, (const char *)path,
+		       uni_path_len);
+		uni_path_len = copy_size;
+		path = copy_path;
 	}
 
 	iov[1].iov_len = uni_path_len;
@@ -2163,12 +2138,8 @@  SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
 	else {
 		rc = add_lease_context(server, iov, &n_iov,
 				       oparms->fid->lease_key, oplock);
-		if (rc) {
-			cifs_small_buf_release(req);
-			kfree(copy_path);
+		if (rc)
 			return rc;
-		}
-		lc_buf = iov[n_iov-1].iov_base;
 	}
 
 	if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) {
@@ -2182,13 +2153,8 @@  SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
 
 		rc = add_durable_context(iov, &n_iov, oparms,
 					tcon->use_persistent);
-		if (rc) {
-			cifs_small_buf_release(req);
-			kfree(copy_path);
-			kfree(lc_buf);
+		if (rc)
 			return rc;
-		}
-		dhc_buf = iov[n_iov-1].iov_base;
 	}
 
 	if (tcon->posix_extensions) {
@@ -2200,23 +2166,63 @@  SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
 		}
 
 		rc = add_posix_context(iov, &n_iov, oparms->mode);
-		if (rc) {
-			cifs_small_buf_release(req);
-			kfree(copy_path);
-			kfree(lc_buf);
-			kfree(dhc_buf);
+		if (rc)
 			return rc;
-		}
-		pc_buf = iov[n_iov-1].iov_base;
 	}
 
+	rqst->rq_nvec = n_iov;
+	return 0;
+}
+
+/* rq_iov[0] is the request and is released by cifs_small_buf_release().
+ * All other vectors are freed by kfree().
+ */
+void
+SMB2_open_free(struct smb_rqst *rqst) {
+	int i;
+
+	cifs_small_buf_release(rqst->rq_iov[0].iov_base);
+	for (i = 1; i < rqst->rq_nvec; i++)
+		kfree(rqst->rq_iov[i].iov_base);
+}
+
+int
+SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
+	  __u8 *oplock, struct smb2_file_all_info *buf,
+	  struct kvec *err_iov, int *buftype)
+{
+	struct smb_rqst rqst;
+	struct smb2_create_rsp *rsp = NULL;
+	struct TCP_Server_Info *server;
+	struct cifs_tcon *tcon = oparms->tcon;
+	struct cifs_ses *ses = tcon->ses;
+	struct kvec iov[5]; /* make sure at least one for each open context */
+	struct kvec rsp_iov = {NULL, 0};
+	int resp_buftype;
+	int rc = 0;
+	int flags = 0;
+
+	cifs_dbg(FYI, "create/open\n");
+
+	if (ses && (ses->server))
+		server = ses->server;
+	else
+		return -EIO;
+
+	if (smb3_encryption_required(tcon))
+		flags |= CIFS_TRANSFORM_REQ;
+
 	memset(&rqst, 0, sizeof(struct smb_rqst));
+	memset(&iov, 0, sizeof(iov));
 	rqst.rq_iov = iov;
-	rqst.rq_nvec = n_iov;
+	rqst.rq_nvec = 5;
+
+	rc = SMB2_open_init(tcon, &rqst, oplock, oparms, path);
+	if (rc)
+		goto creat_exit;
 
 	rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags,
 			    &rsp_iov);
-	cifs_small_buf_release(req);
 	rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
 
 	if (rc != 0) {
@@ -2253,10 +2259,7 @@  SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
 	else
 		*oplock = rsp->OplockLevel;
 creat_exit:
-	kfree(copy_path);
-	kfree(lc_buf);
-	kfree(dhc_buf);
-	kfree(pc_buf);
+	SMB2_open_free(&rqst);
 	free_rsp_buf(resp_buftype, rsp);
 	return rc;
 }
diff --git a/fs/cifs/smb2proto.h b/fs/cifs/smb2proto.h
index 98d9b30c16a6..3686ccc2a32b 100644
--- a/fs/cifs/smb2proto.h
+++ b/fs/cifs/smb2proto.h
@@ -132,6 +132,10 @@  extern int SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms,
 		     __le16 *path, __u8 *oplock,
 		     struct smb2_file_all_info *buf,
 		     struct kvec *err_iov, int *resp_buftype);
+extern int SMB2_open_init(struct cifs_tcon *tcon, struct smb_rqst *rqst,
+			  __u8 *oplock, struct cifs_open_parms *oparms,
+			  __le16 *path);
+extern void SMB2_open_free(struct smb_rqst *rqst);
 extern int SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon,
 		     u64 persistent_fid, u64 volatile_fid, u32 opcode,
 		     bool is_fsctl, char *in_data, u32 indatalen,