ksmbd: prevent memory leak on error return

[ Upstream commit 90044481e7cca6cb3125b3906544954a25f1309f ]

When allocated memory for 'new' failed,just return
will cause memory leak of 'ar'.

Fixes: 1819a9042999 ("ksmbd: reorganize ksmbd_iov_pin_rsp()")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <error27@gmail.com>
Closes: https://lore.kernel.org/r/202311031837.H3yo7JVl-lkp@intel.com/
Signed-off-by: Zongmin Zhou<zhouzongmin@kylinos.cn>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/smb/server/ksmbd_work.c b/fs/smb/server/ksmbd_work.c
index a2ed441e837ae44827ef59aae7313d8ec7779c99..2510b9f3c8c14a750ba6a29fe5e405f051dd1b66 100644 (file)
--- a/fs/smb/server/ksmbd_work.c
+++ b/fs/smb/server/ksmbd_work.c
@@ -106,7 +106,7 @@ static inline void __ksmbd_iov_pin(struct ksmbd_work *work, void *ib,
 static int __ksmbd_iov_pin_rsp(struct ksmbd_work *work, void *ib, int len,
                               void *aux_buf, unsigned int aux_size)
 {
 static int __ksmbd_iov_pin_rsp(struct ksmbd_work *work, void *ib, int len,
                               void *aux_buf, unsigned int aux_size)
 {

-       struct aux_read *ar;
+       struct aux_read *ar = NULL;

        int need_iov_cnt = 1;
 
        if (aux_size) {
        int need_iov_cnt = 1;
 
        if (aux_size) {


@@ -123,8 +123,11 @@ static int __ksmbd_iov_pin_rsp(struct ksmbd_work *work, void *ib, int len,
                new = krealloc(work->iov,
                               sizeof(struct kvec) * work->iov_alloc_cnt,
                               GFP_KERNEL | __GFP_ZERO);
                new = krealloc(work->iov,
                               sizeof(struct kvec) * work->iov_alloc_cnt,
                               GFP_KERNEL | __GFP_ZERO);

-               if (!new)
+               if (!new) {
+                       kfree(ar);
+                       work->iov_alloc_cnt -= 4;

                        return -ENOMEM;
                        return -ENOMEM;

+               }

                work->iov = new;
        }
 
                work->iov = new;
        }