Commit b5ada126 authored by Filipe Manana's avatar Filipe Manana Committed by Luis Henriques

Btrfs: fix memory leak in the extent_same ioctl

commit 497b4050 upstream.

We were allocating memory with memdup_user() but we were never releasing
that memory. This affected pretty much every call to the ioctl, whether
it deduplicated extents or not.

This issue was reported on IRC by Julian Taylor and on the mailing list
by Marcel Ritter, credit goes to them for finding the issue.
Reported-by: default avatarJulian Taylor <jtaylor.debian@googlemail.com>
Reported-by: default avatarMarcel Ritter <ritter.marcel@gmail.com>
Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
parent 063fd5d5
...@@ -2977,7 +2977,7 @@ static int btrfs_extent_same(struct inode *src, u64 loff, u64 len, ...@@ -2977,7 +2977,7 @@ static int btrfs_extent_same(struct inode *src, u64 loff, u64 len,
static long btrfs_ioctl_file_extent_same(struct file *file, static long btrfs_ioctl_file_extent_same(struct file *file,
struct btrfs_ioctl_same_args __user *argp) struct btrfs_ioctl_same_args __user *argp)
{ {
struct btrfs_ioctl_same_args *same; struct btrfs_ioctl_same_args *same = NULL;
struct btrfs_ioctl_same_extent_info *info; struct btrfs_ioctl_same_extent_info *info;
struct inode *src = file_inode(file); struct inode *src = file_inode(file);
u64 off; u64 off;
...@@ -3007,6 +3007,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file, ...@@ -3007,6 +3007,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file,
if (IS_ERR(same)) { if (IS_ERR(same)) {
ret = PTR_ERR(same); ret = PTR_ERR(same);
same = NULL;
goto out; goto out;
} }
...@@ -3077,6 +3078,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file, ...@@ -3077,6 +3078,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file,
out: out:
mnt_drop_write_file(file); mnt_drop_write_file(file);
kfree(same);
return ret; return ret;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment