On 11/8/2023 5:17 PM, Zongmin Zhou wrote: > When allocated memory for 'new' failed,just return > will cause memory leak of 'ar'. > > v2: rollback iov_alloc_cnt when allocate memory failed. > > Fixes: 1819a9042999 ("ksmbd: reorganize ksmbd_iov_pin_rsp()") > > Reported-by: kernel test robot <lkp@xxxxxxxxx> > Reported-by: Dan Carpenter <error27@xxxxxxxxx> > Closes: https://lore.kernel.org/r/202311031837.H3yo7JVl-lkp@xxxxxxxxx/ > Signed-off-by: Zongmin Zhou<zhouzongmin@xxxxxxxxxx> > --- > fs/smb/server/ksmbd_work.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/fs/smb/server/ksmbd_work.c b/fs/smb/server/ksmbd_work.c > index a2ed441e837a..44bce4c56daf 100644 > --- a/fs/smb/server/ksmbd_work.c > +++ b/fs/smb/server/ksmbd_work.c > @@ -123,8 +123,11 @@ static int __ksmbd_iov_pin_rsp(struct ksmbd_work *work, void *ib, int len, > new = krealloc(work->iov, > sizeof(struct kvec) * work->iov_alloc_cnt, > GFP_KERNEL | __GFP_ZERO); > - if (!new) > + if (!new) { > + kfree(ar); > + work->iov_alloc_cnt -= 4; > return -ENOMEM; > + } > work->iov = new; > } > A few lines above, ar is allocated inside the 'if (aux_size)' block. If aux_size is falsy, isn't it possible that ar will be NULL hence we should have 'if (ar) kfree(ar);'?
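Review bot: The `work->iov_alloc_cnt -= 4;` rollback in the `!new` branch hard-codes the growth step of the increment it undoes; if that step is ever changed, the two silently diverge and `iov_alloc_cnt` ends up wrong on the error path. Consider saving the previous count before the `krealloc()` and restoring that saved value instead, e.g. `old_cnt = work->iov_alloc_cnt;` before growing and `work->iov_alloc_cnt = old_cnt;` in the error branch. On the `kfree(ar);` line: the kernel's `kfree()` accepts NULL, so the unconditional call is fine provided `ar` is initialized to NULL at declaration for the case where the `if (aux_size)` block is skipped; the hunk does not show that initialization, so it is worth confirming in the surrounding code rather than adding an `if (ar)` guard.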