Commit 58130235 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag '5.1-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:
 "Three small SMB3 fixes (all for stable as well): two leaks and a
  rename bug"

* tag '5.1-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: fix page reference leak with readv/writev
  cifs: do not attempt cifs operation on smb2+ rename error
  cifs: fix memory leak in SMB2_read
parents 8113a85f 13f5938d
...@@ -2877,7 +2877,6 @@ static void collect_uncached_write_data(struct cifs_aio_ctx *ctx) ...@@ -2877,7 +2877,6 @@ static void collect_uncached_write_data(struct cifs_aio_ctx *ctx)
struct cifs_tcon *tcon; struct cifs_tcon *tcon;
struct cifs_sb_info *cifs_sb; struct cifs_sb_info *cifs_sb;
struct dentry *dentry = ctx->cfile->dentry; struct dentry *dentry = ctx->cfile->dentry;
unsigned int i;
int rc; int rc;
tcon = tlink_tcon(ctx->cfile->tlink); tcon = tlink_tcon(ctx->cfile->tlink);
...@@ -2941,10 +2940,6 @@ static void collect_uncached_write_data(struct cifs_aio_ctx *ctx) ...@@ -2941,10 +2940,6 @@ static void collect_uncached_write_data(struct cifs_aio_ctx *ctx)
kref_put(&wdata->refcount, cifs_uncached_writedata_release); kref_put(&wdata->refcount, cifs_uncached_writedata_release);
} }
if (!ctx->direct_io)
for (i = 0; i < ctx->npages; i++)
put_page(ctx->bv[i].bv_page);
cifs_stats_bytes_written(tcon, ctx->total_len); cifs_stats_bytes_written(tcon, ctx->total_len);
set_bit(CIFS_INO_INVALID_MAPPING, &CIFS_I(dentry->d_inode)->flags); set_bit(CIFS_INO_INVALID_MAPPING, &CIFS_I(dentry->d_inode)->flags);
...@@ -3582,7 +3577,6 @@ collect_uncached_read_data(struct cifs_aio_ctx *ctx) ...@@ -3582,7 +3577,6 @@ collect_uncached_read_data(struct cifs_aio_ctx *ctx)
struct iov_iter *to = &ctx->iter; struct iov_iter *to = &ctx->iter;
struct cifs_sb_info *cifs_sb; struct cifs_sb_info *cifs_sb;
struct cifs_tcon *tcon; struct cifs_tcon *tcon;
unsigned int i;
int rc; int rc;
tcon = tlink_tcon(ctx->cfile->tlink); tcon = tlink_tcon(ctx->cfile->tlink);
...@@ -3666,15 +3660,8 @@ collect_uncached_read_data(struct cifs_aio_ctx *ctx) ...@@ -3666,15 +3660,8 @@ collect_uncached_read_data(struct cifs_aio_ctx *ctx)
kref_put(&rdata->refcount, cifs_uncached_readdata_release); kref_put(&rdata->refcount, cifs_uncached_readdata_release);
} }
if (!ctx->direct_io) { if (!ctx->direct_io)
for (i = 0; i < ctx->npages; i++) {
if (ctx->should_dirty)
set_page_dirty(ctx->bv[i].bv_page);
put_page(ctx->bv[i].bv_page);
}
ctx->total_len = ctx->len - iov_iter_count(to); ctx->total_len = ctx->len - iov_iter_count(to);
}
/* mask nodata case */ /* mask nodata case */
if (rc == -ENODATA) if (rc == -ENODATA)
......
...@@ -1735,6 +1735,10 @@ cifs_do_rename(const unsigned int xid, struct dentry *from_dentry, ...@@ -1735,6 +1735,10 @@ cifs_do_rename(const unsigned int xid, struct dentry *from_dentry,
if (rc == 0 || rc != -EBUSY) if (rc == 0 || rc != -EBUSY)
goto do_rename_exit; goto do_rename_exit;
/* Don't fall back to using SMB on SMB 2+ mount */
if (server->vals->protocol_id != 0)
goto do_rename_exit;
/* open-file renames don't work across directories */ /* open-file renames don't work across directories */
if (to_dentry->d_parent != from_dentry->d_parent) if (to_dentry->d_parent != from_dentry->d_parent)
goto do_rename_exit; goto do_rename_exit;
......
...@@ -789,6 +789,11 @@ cifs_aio_ctx_alloc(void) ...@@ -789,6 +789,11 @@ cifs_aio_ctx_alloc(void)
{ {
struct cifs_aio_ctx *ctx; struct cifs_aio_ctx *ctx;
/*
* Must use kzalloc to initialize ctx->bv to NULL and ctx->direct_io
* to false so that we know when we have to unreference pages within
* cifs_aio_ctx_release()
*/
ctx = kzalloc(sizeof(struct cifs_aio_ctx), GFP_KERNEL); ctx = kzalloc(sizeof(struct cifs_aio_ctx), GFP_KERNEL);
if (!ctx) if (!ctx)
return NULL; return NULL;
...@@ -807,7 +812,23 @@ cifs_aio_ctx_release(struct kref *refcount) ...@@ -807,7 +812,23 @@ cifs_aio_ctx_release(struct kref *refcount)
struct cifs_aio_ctx, refcount); struct cifs_aio_ctx, refcount);
cifsFileInfo_put(ctx->cfile); cifsFileInfo_put(ctx->cfile);
/*
* ctx->bv is only set if setup_aio_ctx_iter() was call successfuly
* which means that iov_iter_get_pages() was a success and thus that
* we have taken reference on pages.
*/
if (ctx->bv) {
unsigned i;
for (i = 0; i < ctx->npages; i++) {
if (ctx->should_dirty)
set_page_dirty(ctx->bv[i].bv_page);
put_page(ctx->bv[i].bv_page);
}
kvfree(ctx->bv); kvfree(ctx->bv);
}
kfree(ctx); kfree(ctx);
} }
......
...@@ -3466,6 +3466,7 @@ SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms, ...@@ -3466,6 +3466,7 @@ SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
io_parms->tcon->tid, ses->Suid, io_parms->tcon->tid, ses->Suid,
io_parms->offset, 0); io_parms->offset, 0);
free_rsp_buf(resp_buftype, rsp_iov.iov_base); free_rsp_buf(resp_buftype, rsp_iov.iov_base);
cifs_small_buf_release(req);
return rc == -ENODATA ? 0 : rc; return rc == -ENODATA ? 0 : rc;
} else } else
trace_smb3_read_done(xid, req->PersistentFileId, trace_smb3_read_done(xid, req->PersistentFileId,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment