cifs: check kzalloc return

mainline inclusion from mainline-5.0 commit 0544b324e62c category: bugfix bugzilla: 5840 CVE: NA ------------------------------------------------- kzalloc can return NULL so an additional check is needed. While there is a check for ret_buf there is no check for the allocation of ret_buf->crfid.fid - this check is thus added. Both call-sites of tconInfoAlloc() check for NULL return of tconInfoAlloc() so returning NULL on failure of kzalloc() here seems appropriate. As the kzalloc() is the only thing here that can fail it is moved to the beginning so as not to initialize other resources on failure of kzalloc. Fixes: 3d4ef9a1 ("smb3: fix redundant opens on root") conflict: fs/cifs/misc.c 由于未合入 fae8044c03 smb3: show number of current open files in /proc/fs/cifs/Stats,导致冲突 Signed-off-by: N Joe Perches <joe@perches.com> Signed-off-by: N Steve French <stfrench@microsoft.com> Signed-off-by: N ZhangXiaoxu <zhangxiaoxu5@huawei.com> Reviewed-by: N Miao Xie <miaoxie@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

cifs: check kzalloc return
mainline inclusion from mainline-5.0 commit 0544b324e62c category: bugfix bugzilla: 5840 CVE: NA ------------------------------------------------- kzalloc can return NULL so an additional check is needed. While there is a check for ret_buf there is no check for the allocation of ret_buf->crfid.fid - this check is thus added. Both call-sites of tconInfoAlloc() check for NULL return of tconInfoAlloc() so returning NULL on failure of kzalloc() here seems appropriate. As the kzalloc() is the only thing here that can fail it is moved to the beginning so as not to initialize other resources on failure of kzalloc. Fixes: 3d4ef9a1 ("smb3: fix redundant opens on root") conflict: fs/cifs/misc.c 由于未合入 fae8044c03 smb3: show number of current open files in /proc/fs/cifs/Stats,导致冲突 Signed-off-by: N Joe Perches <joe@perches.com> Signed-off-by: N Steve French <stfrench@microsoft.com> Signed-off-by: N ZhangXiaoxu <zhangxiaoxu5@huawei.com> Reviewed-by: N Miao Xie <miaoxie@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
f65f9a50 · Joe Perches · Xie XiuQi · 197123c9 · f65f9a50
隐藏空白更改
内联并排

Showing with 18 addition and 12 deletion

fs/cifs/misc.c fs/cifs/misc.c +18 -12

未找到文件。
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -111,19 +111,25 @@ struct cifs_tcon *
 tconInfoAlloc(void)
 {
 	struct cifs_tcon *ret_buf;
-	ret_buf = kzalloc(sizeof(struct cifs_tcon), GFP_KERNEL);
-	if (ret_buf) {
-		atomic_inc(&tconInfoAllocCount);
-		ret_buf->tidStatus = CifsNew;
-		++ret_buf->tc_count;
-		INIT_LIST_HEAD(&ret_buf->openFileList);
-		INIT_LIST_HEAD(&ret_buf->tcon_list);
-		spin_lock_init(&ret_buf->open_file_lock);
-		mutex_init(&ret_buf->crfid.fid_mutex);
-		ret_buf->crfid.fid = kzalloc(sizeof(struct cifs_fid),
-					     GFP_KERNEL);
-		spin_lock_init(&ret_buf->stat_lock);
+
+	ret_buf = kzalloc(sizeof(*ret_buf), GFP_KERNEL);
+	if (!ret_buf)
+		return NULL;
+	ret_buf->crfid.fid = kzalloc(sizeof(*ret_buf->crfid.fid), GFP_KERNEL);
+	if (!ret_buf->crfid.fid) {
+		kfree(ret_buf);
+		return NULL;
 	}
+
+	atomic_inc(&tconInfoAllocCount);
+	ret_buf->tidStatus = CifsNew;
+	++ret_buf->tc_count;
+	INIT_LIST_HEAD(&ret_buf->openFileList);
+	INIT_LIST_HEAD(&ret_buf->tcon_list);
+	spin_lock_init(&ret_buf->open_file_lock);
+	mutex_init(&ret_buf->crfid.fid_mutex);
+	spin_lock_init(&ret_buf->stat_lock);
+
 	return ret_buf;
 }