[PATCH 3.16.y-ckt 039/118] Btrfs: fix memory leak in the extent_same ioctl

[Luis Henriques]

3.16.7-ckt16 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Filipe Manana <fdmanana at suse.com>

commit 497b4050e0eacd4c746dd396d14916b1e669849d upstream.

We were allocating memory with memdup_user() but we were never releasing
that memory. This affected pretty much every call to the ioctl, whether
it deduplicated extents or not.

This issue was reported on IRC by Julian Taylor and on the mailing list
by Marcel Ritter, credit goes to them for finding the issue.

Reported-by: Julian Taylor <jtaylor.debian at googlemail.com>
Reported-by: Marcel Ritter <ritter.marcel at gmail.com>
Signed-off-by: Filipe Manana <fdmanana at suse.com>
Reviewed-by: Mark Fasheh <mfasheh at suse.de>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 fs/btrfs/ioctl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 7c5f053ee42c..9783bc9c4a40 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2977,7 +2977,7 @@ out_unlock:
 static long btrfs_ioctl_file_extent_same(struct file *file,
 			struct btrfs_ioctl_same_args __user *argp)
 {
-	struct btrfs_ioctl_same_args *same;
+	struct btrfs_ioctl_same_args *same = NULL;
 	struct btrfs_ioctl_same_extent_info *info;
 	struct inode *src = file_inode(file);
 	u64 off;
@@ -3007,6 +3007,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file,
 
 	if (IS_ERR(same)) {
 		ret = PTR_ERR(same);
+		same = NULL;
 		goto out;
 	}
 
@@ -3077,6 +3078,7 @@ static long btrfs_ioctl_file_extent_same(struct file *file,
 
 out:
 	mnt_drop_write_file(file);
+	kfree(same);
 	return ret;
 }