release 6.14.8

2025-05-22 17:47:17 +03:00
parent a5a8a2798d
commit 20c917c71c
20 changed files with 247 additions and 260 deletions
--- a/debian/patches/patchset-pf/smb/0001-smb-client-fix-memory-leak-during-error-handling-for.patch
+++ b/debian/patches/patchset-pf/smb/0001-smb-client-fix-memory-leak-during-error-handling-for.patch
@@ -1,35 +0,0 @@
-From 8ef14a884df5aaf48cf5f7ce6c91e7318cb07d4e Mon Sep 17 00:00:00 2001
-From: Jethro Donaldson <devel@jro.nz>
-Date: Thu, 15 May 2025 01:23:23 +1200
-Subject: smb: client: fix memory leak during error handling for POSIX mkdir
-
-The response buffer for the CREATE request handled by smb311_posix_mkdir()
-is leaked on the error path (goto err_free_rsp_buf) because the structure
-pointer *rsp passed to free_rsp_buf() is not assigned until *after* the
-error condition is checked.
-
-As *rsp is initialised to NULL, free_rsp_buf() becomes a no-op and the leak
-is instead reported by __kmem_cache_shutdown() upon subsequent rmmod of
-cifs.ko if (and only if) the error path has been hit.
-
-Pass rsp_iov.iov_base to free_rsp_buf() instead, similar to the code in
-other functions in smb2pdu.c for which *rsp is assigned late.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Jethro Donaldson <devel@jro.nz>
-Signed-off-by: Steve French <stfrench@microsoft.com>
---
- fs/smb/client/smb2pdu.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
--- a/fs/smb/client/smb2pdu.c
-+++ b/fs/smb/client/smb2pdu.c
-@@ -2967,7 +2967,7 @@ replay_again:
- 	/* Eventually save off posix specific response info and timestamps */
- 
- err_free_rsp_buf:
-	free_rsp_buf(resp_buftype, rsp);
-+	free_rsp_buf(resp_buftype, rsp_iov.iov_base);
- 	kfree(pc_buf);
- err_free_req:
- 	cifs_small_buf_release(req);