ksmbd: fix refcount leak causing resource not released

When ksmbd_conn_releasing(opinfo->conn) returns true,the refcount was not
decremented properly, causing a refcount leak that prevents the count from
reaching zero and the memory from being released.

Cc: stable@vger.kernel.org
Signed-off-by: Ziyan Xu <ziyan@securitygossip.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/smb/server/oplock.c b/fs/smb/server/oplock.c
index d7a8a580d013622dd9a542dbd497f3c2a31c7f8f..a04d5702820d07e6db220e71f28cd1b1c25494f9 100644 (file)
--- a/fs/smb/server/oplock.c
+++ b/fs/smb/server/oplock.c
@@ -1102,8 +1102,10 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp,
                        if (!atomic_inc_not_zero(&opinfo->refcount))
                                continue;
 
-                       if (ksmbd_conn_releasing(opinfo->conn))
+                       if (ksmbd_conn_releasing(opinfo->conn)) {
+                               opinfo_put(opinfo);
                                continue;
+                       }
 
                        oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE, NULL);
                        opinfo_put(opinfo);
@@ -1139,8 +1141,11 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp)
                        if (!atomic_inc_not_zero(&opinfo->refcount))
                                continue;
 
-                       if (ksmbd_conn_releasing(opinfo->conn))
+                       if (ksmbd_conn_releasing(opinfo->conn)) {
+                               opinfo_put(opinfo);
                                continue;
+                       }
+
                        oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE, NULL);
                        opinfo_put(opinfo);
                }
@@ -1343,8 +1348,10 @@ void smb_break_all_levII_oplock(struct ksmbd_work *work, struct ksmbd_file *fp,
                if (!atomic_inc_not_zero(&brk_op->refcount))
                        continue;
 
-               if (ksmbd_conn_releasing(brk_op->conn))
+               if (ksmbd_conn_releasing(brk_op->conn)) {
+                       opinfo_put(brk_op);
                        continue;
+               }
 
                if (brk_op->is_lease && (brk_op->o_lease->state &
                    (~(SMB2_LEASE_READ_CACHING_LE |