This is a note to let you know that I've just added the patch titled cifs: Fix cached_fid refcnt leak in open_shroot to the 5.7-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: cifs-fix-cached_fid-refcnt-leak-in-open_shroot.patch and it can be found in the queue-5.7 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 77577de64167aa0643d47ffbaacf3642632b321b Mon Sep 17 00:00:00 2001 From: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx> Date: Sat, 13 Jun 2020 20:27:09 +0800 Subject: cifs: Fix cached_fid refcnt leak in open_shroot From: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx> commit 77577de64167aa0643d47ffbaacf3642632b321b upstream. open_shroot() invokes kref_get(), which increases the refcount of the "tcon->crfid" object. When open_shroot() returns not zero, it means the open operation failed and close_shroot() will not be called to decrement the refcount of the "tcon->crfid". The reference counting issue happens in one normal path of open_shroot(). When the cached root have been opened successfully in a concurrent process, the function increases the refcount and jump to "oshr_free" to return. However the current return value "rc" may not equal to 0, thus the increased refcount will not be balanced outside the function, causing a refcnt leak. Fix this issue by setting the value of "rc" to 0 before jumping to "oshr_free" label. Signed-off-by: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx> Signed-off-by: Xin Tan <tanxin.ctf@xxxxxxxxx> Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx> CC: Stable <stable@xxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/cifs/smb2ops.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -759,6 +759,7 @@ int open_shroot(unsigned int xid, struct /* close extra handle outside of crit sec */ SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid); } + rc = 0; goto oshr_free; } Patches currently in stable-queue which might be from xiyuyang19@xxxxxxxxxxxx are queue-5.7/cifs-fix-cached_fid-refcnt-leak-in-open_shroot.patch