CIFS: Fix possible oops and memory leaks in async IO

mainline inclusion
from mainline-v5.0-rc4-4-g9bda8723
commit 9bda8723
category: bugfix
bugzilla: 7426
CVE: NA

-------------------------------------------------

Allocation of a page array for non-cached IO was separated from
allocation of rdata and wdata structures and this introduced memory
leaks and a possible null pointer dereference. This patch fixes
these problems.

conflict:
	fs/cifs/file.c

Cc: <stable@vger.kernel.org>
Signed-off-by: NPavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: NSteve French <stfrench@microsoft.com>
Signed-off-by: NZhangXiaoxu <zhangxiaoxu5@huawei.com>
Reviewed-by: NMiao Xie <miaoxie@huawei.com>
Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>

fs/cifs/file.c

@@ -2564,6 +2564,7 @@ cifs_write_from_iter(loff_t offset, size_t len, struct iov_iter *from,
 
 		rc = cifs_write_allocate_pages(wdata->pages, nr_pages);
 		if (rc) {
+			kvfree(wdata->pages);
 			kfree(wdata);
 			add_credits_and_wake_if(server, credits, 0);
 			break;
@@ -2574,6 +2575,7 @@ cifs_write_from_iter(loff_t offset, size_t len, struct iov_iter *from,
 		if (rc) {
 			for (i = 0; i < nr_pages; i++)
 				put_page(wdata->pages[i]);
+			kvfree(wdata->pages);
 			kfree(wdata);
 			add_credits_and_wake_if(server, credits, 0);
 			break;
@@ -3130,8 +3132,12 @@ cifs_send_async_read(loff_t offset, size_t len, struct cifsFileInfo *open_file,
 		}
 
 		rc = cifs_read_allocate_pages(rdata, npages);
-		if (rc)
-			goto error;
+		if (rc) {
+			kvfree(rdata->pages);
+			kfree(rdata);
+			add_credits_and_wake_if(server, credits, 0);
+			break;
+		}
 
 		rdata->cfile = cifsFileInfo_get(open_file);
 		rdata->nr_pages = npages;
@@ -3149,7 +3155,6 @@ cifs_send_async_read(loff_t offset, size_t len, struct cifsFileInfo *open_file,
 		if (!rdata->cfile->invalidHandle ||
 		    !(rc = cifs_reopen_file(rdata->cfile, true)))
 			rc = server->ops->async_readv(rdata);
-error:
 		if (rc) {
 			add_credits_and_wake_if(server, rdata->credits, 0);
 			kref_put(&rdata->refcount,