From patchwork Thu Aug 6 20:37:03 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kamal Mostafa X-Patchwork-Id: 504833 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id 421001402AB; Fri, 7 Aug 2015 06:38:56 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1ZNRwB-0007AO-FG; Thu, 06 Aug 2015 20:38:51 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1ZNRuU-0005zr-1A for kernel-team@lists.ubuntu.com; Thu, 06 Aug 2015 20:37:06 +0000 Received: from 1.general.kamal.us.vpn ([10.172.68.52] helo=fourier) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1ZNRuT-0006d1-QU; Thu, 06 Aug 2015 20:37:05 +0000 Received: from kamal by fourier with local (Exim 4.82) (envelope-from ) id 1ZNRuR-0004GY-It; Thu, 06 Aug 2015 13:37:03 -0700 From: Kamal Mostafa To: Filipe Manana Subject: [3.13.y-ckt stable] Patch "Btrfs: fix memory leak in the extent_same ioctl" has been added to staging queue Date: Thu, 6 Aug 2015 13:37:03 -0700 Message-Id: <1438893423-16368-1-git-send-email-kamal@canonical.com> X-Mailer: git-send-email 1.9.1 X-Extended-Stable: 3.13 Cc: Julian Taylor , Marcel Ritter , Kamal Mostafa , Mark Fasheh , kernel-team@lists.ubuntu.com X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com This is a note to let you know that I have just added a patch titled Btrfs: fix memory leak in the extent_same ioctl to the linux-3.13.y-queue branch of the 3.13.y-ckt extended stable tree which can be found at: http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-3.13.y-queue This patch is scheduled to be released in version 3.13.11-ckt25. If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.13.y-ckt tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Kamal ------ From 3eb889f9ea89b4c0f2013922a07b6023301892e7 Mon Sep 17 00:00:00 2001 From: Filipe Manana Date: Fri, 3 Jul 2015 08:36:11 +0100 Subject: Btrfs: fix memory leak in the extent_same ioctl commit 497b4050e0eacd4c746dd396d14916b1e669849d upstream. We were allocating memory with memdup_user() but we were never releasing that memory. This affected pretty much every call to the ioctl, whether it deduplicated extents or not. This issue was reported on IRC by Julian Taylor and on the mailing list by Marcel Ritter, credit goes to them for finding the issue. Reported-by: Julian Taylor Reported-by: Marcel Ritter Signed-off-by: Filipe Manana Reviewed-by: Mark Fasheh Signed-off-by: Kamal Mostafa --- fs/btrfs/ioctl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 1.9.1 diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 05f5c87..3152235 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2698,7 +2698,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file, void __user *argp) { struct btrfs_ioctl_same_args tmp; - struct btrfs_ioctl_same_args *same; + struct btrfs_ioctl_same_args *same = NULL; struct btrfs_ioctl_same_extent_info *info; struct inode *src = file->f_dentry->d_inode; struct file *dst_file = NULL; @@ -2732,6 +2732,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file, if (IS_ERR(same)) { ret = PTR_ERR(same); + same = NULL; goto out; } @@ -2819,6 +2820,7 @@ next: out: mnt_drop_write_file(file); + kfree(same); return ret; }