[PATCH 3.16.y-ckt 039/118] Btrfs: fix memory leak in the extent_same ioctl

From: Luis Henriques
Date: Wed Aug 12 2015 - 05:33:06 EST

3.16.7-ckt16 -stable review patch. If anyone has any objections, please let me know.


From: Filipe Manana <fdmanana@xxxxxxxx>

commit 497b4050e0eacd4c746dd396d14916b1e669849d upstream.

We were allocating memory with memdup_user() but we were never releasing
that memory. This affected pretty much every call to the ioctl, whether
it deduplicated extents or not.

This issue was reported on IRC by Julian Taylor and on the mailing list
by Marcel Ritter, credit goes to them for finding the issue.

Reported-by: Julian Taylor <jtaylor.debian@xxxxxxxxxxxxxx>
Reported-by: Marcel Ritter <ritter.marcel@xxxxxxxxx>
Signed-off-by: Filipe Manana <fdmanana@xxxxxxxx>
Reviewed-by: Mark Fasheh <mfasheh@xxxxxxx>
Signed-off-by: Luis Henriques <luis.henriques@xxxxxxxxxxxxx>
fs/btrfs/ioctl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 7c5f053ee42c..9783bc9c4a40 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2977,7 +2977,7 @@ out_unlock:
static long btrfs_ioctl_file_extent_same(struct file *file,
struct btrfs_ioctl_same_args __user *argp)
- struct btrfs_ioctl_same_args *same;
+ struct btrfs_ioctl_same_args *same = NULL;
struct btrfs_ioctl_same_extent_info *info;
struct inode *src = file_inode(file);
u64 off;
@@ -3007,6 +3007,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file,

if (IS_ERR(same)) {
ret = PTR_ERR(same);
+ same = NULL;
goto out;

@@ -3077,6 +3078,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file,

+ kfree(same);
return ret;

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/