summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2008-05-13 06:56:05 +0400
committerSteve French <sfrench@us.ibm.com>2008-05-13 07:06:13 +0400
commit6353450a2deefaa79cdb4fd2b72830c7db610256 (patch)
tree8a09c4b38d90c26ec431cb9e3691a73ca0da2031
parentd0a9c078db4769f7305ff9774558776d12bfb25b (diff)
downloadlinux-6353450a2deefaa79cdb4fd2b72830c7db610256.tar.xz
fix memory leak in CIFSFindNext
When CIFSFindNext gets back an -EBADF from a call, it sets the return code of the function to 0 and eventually exits. Doing this makes the cleanup at the end of the function skip freeing the SMB buffer, so we need to make sure we free the buffer explicitly when doing this. If we don't you end up with errors like this when unplugging the cifs kernel module: slab error in kmem_cache_destroy(): cache `cifs_request': Can't free all objects [<c046bdbf>] kmem_cache_destroy+0x61/0xf3 [<e0f03045>] cifs_destroy_request_bufs+0x14/0x28 [cifs] [<e0f2016e>] exit_cifs+0x1e/0x80 [cifs] [<c043aeae>] sys_delete_module+0x192/0x1b8 [<c04451fd>] audit_syscall_entry+0x14b/0x17d [<c0405413>] syscall_call+0x7/0xb ======================= Signed-off-by: Jeff Layton <jlayton@redhat.com>
-rw-r--r--fs/cifs/CHANGES3
-rw-r--r--fs/cifs/cifssmb.c1
2 files changed, 3 insertions, 1 deletions
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index 8355e918fddf..502a4c2b8414 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -12,7 +12,8 @@ Add ability to modify cifs acls for handling chmod (when mounted with
cifsacl flag). Fix prefixpath path separator so we can handle mounts
with prefixpaths longer than one directory (one path component) when
mounted to Windows servers. Fix slow file open when cifsacl
-enabled.
+enabled. Fix memory leak in FindNext when the SMB call returns -EBADF.
+
Version 1.51
------------
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 95fbba4ea7d4..641cc8ffc51b 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -3679,6 +3679,7 @@ int CIFSFindNext(const int xid, struct cifsTconInfo *tcon,
if (rc) {
if (rc == -EBADF) {
psrch_inf->endOfSearch = true;
+ cifs_buf_release(pSMB);
rc = 0; /* search probably was closed at end of search*/
} else
cFYI(1, ("FindNext returned = %d", rc));