[PATCH 5.3 306/344] smb3: fix leak in "open on server" perf counter

From: Greg Kroah-Hartman
Date: Thu Oct 03 2019 - 12:53:37 EST


From: Steve French <stfrench@xxxxxxxxxxxxx>

commit d2f15428d6a0ebfc0edc364094d7c4a2de7037ed upstream.

We were not bumping up the "open on server" (num_remote_opens)
counter (in some cases) on opens of the share root, so it
could end up showing as a negative value.

CC: Stable <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Reviewed-by: Pavel Shilovsky <pshilov@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
fs/cifs/smb2ops.c | 5 +++++
fs/cifs/smb2pdu.c | 1 +
2 files changed, 6 insertions(+)

--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -743,6 +743,8 @@ int open_shroot(unsigned int xid, struct
if (rc)
goto oshr_exit;

+ atomic_inc(&tcon->num_remote_opens);
+
o_rsp = (struct smb2_create_rsp *)rsp_iov[0].iov_base;
oparms.fid->persistent_fid = o_rsp->PersistentFileId;
oparms.fid->volatile_fid = o_rsp->VolatileFileId;
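Review bot: The added `atomic_inc(&tcon->num_remote_opens);` is the only touched site in this patch that carries no comment, although it is the one that actually changes behaviour. A short comment such as `/* root handle stays open on the server, so count it; the close path is expected to drop the count */` would record the pairing, which cannot be confirmed from this hunk. The increment also runs before the create response is parsed, so any later exit in open_shroot that abandons the handle without going through a close would leave the counter too high. open_shroot starts and ends outside the hunk, so this needs checking against the full function.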
@@ -1168,6 +1170,7 @@ smb2_set_ea(const unsigned int xid, stru

rc = compound_send_recv(xid, ses, flags, 3, rqst,
resp_buftype, rsp_iov);
+ /* no need to bump num_remote_opens because handle immediately closed */

sea_exit:
kfree(ea);
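Review bot: The three "no need to bump" comments added by this patch are worded three different ways (here, in smb2_ioctl_query_info, and in smb311_posix_mkdir in smb2pdu.c), which makes the invariant hard to grep for as one rule. This one is also placed after `compound_send_recv()` rather than above the call whose create it describes. Consider one shared wording placed before each call, for example `/* num_remote_opens not bumped: handle is closed in the same compound */`, if that is what "immediately closed" means at each site. smb2_set_ea's body starts outside the hunk.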
@@ -1489,6 +1492,8 @@ smb2_ioctl_query_info(const unsigned int
resp_buftype, rsp_iov);
if (rc)
goto iqinf_exit;
+
+ /* No need to bump num_remote_opens since handle immediately closed */
if (qi.flags & PASSTHRU_FSCTL) {
pqi = (struct smb_query_info __user *)arg;
io_rsp = (struct smb2_ioctl_rsp *)rsp_iov[1].iov_base;
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2351,6 +2351,7 @@ int smb311_posix_mkdir(const unsigned in
rqst.rq_iov = iov;
rqst.rq_nvec = n_iov;

+ /* no need to inc num_remote_opens because we close it just below */
trace_smb3_posix_mkdir_enter(xid, tcon->tid, ses->Suid, CREATE_NOT_FILE,
FILE_WRITE_ATTRIBUTES);
/* resource #4: response buffer */
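Review bot: The comment added above `trace_smb3_posix_mkdir_enter` justifies skipping the increment by a close "just below", but that close is outside the hunk and, unlike the compound cases in smb2ops.c, reads as a separate request. If that close path decrements num_remote_opens on success, every posix mkdir would lower the counter with no matching increment, which is the negative-value symptom this patch sets out to fix. Worth confirming against the close helper, then either adding `atomic_inc(&tcon->num_remote_opens);` after the create succeeds or having the comment state that the close used here does not touch the counter. smb311_posix_mkdir continues past the end of the hunk.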