From nobody Sat Feb  7 18:20:26 2026
Received: from mail.codeweavers.com (mail.codeweavers.com [4.36.192.163])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id A9C241547E2
	for <linux-kernel@vger.kernel.org>; Thu, 16 Jan 2025 19:07:36 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=4.36.192.163
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1737054458; cv=none;
 b=tEMIr+RLjCnfxR0neUYbGLAMW5KT23pPneiuCNqAGVx4BrSoFrOlahv9eGjlX3H8mzl3sByXenWE3LQpavoIsxSpF93uBShXK1CsYEdcdYAiUV6gP95AL6t31BI8mZKI6m8gEkPrlhDvfE/mbpuB9/jkClTlv3Qm6T/b25dtUjY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1737054458; c=relaxed/simple;
	bh=L8+WKniyWshXzVTvH5EIsUEna4ps5H6aGdNFvaRhPlg=;
	h=From:To:Cc:Subject:Date:Message-ID:MIME-Version;
 b=d6a8BVDTdCX5H7Ty1P3zOFj1TLKyCTbZLL06R1+pZ7EI8UAmlEpd2X2trVFSwHQMQLyB0IA+Yy3UOS60bQKo371i5YtTOoWaTOeUAWwzx29+m36dzgBgfSVdns285bJqzEI/INzuHQucUYmq2jku7WsTbyPi1gaBda4AoRmpT3c=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=codeweavers.com;
 spf=pass smtp.mailfrom=codeweavers.com;
 dkim=pass (2048-bit key) header.d=codeweavers.com header.i=@codeweavers.com
 header.b=Sjx09BaU; arc=none smtp.client-ip=4.36.192.163
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=codeweavers.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=codeweavers.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=codeweavers.com header.i=@codeweavers.com
 header.b="Sjx09BaU"
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=codeweavers.com; s=s1; h=Content-Transfer-Encoding:MIME-Version:Message-ID:
	Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
	List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=fgGQsnG8UapZIi4udlpQJnNnuChfMYKF5XOOmG/d3xQ=; b=Sjx09BaUMnk9WC9a9XNqk3kTZD
	HhAzchUi+V8COcJxB5axPI579o2MgLO/ibUqD0jdlLDxctA0WJwV6WIjIIWm4xIWxuaAPKm05bwXL
	xpGZyCrqIk4NdIDxL14UFLNxdooqAgh28T6RVYunlHdddHkGsMUmKJa3kdj///XHUwzkLAPgzuNo2
	GpSjJonTeyp2eOVNAZ9CmFubq/BIHiPcOJPhGkqvtqzSo3DOd5HK84+AarJb14Js+0IGRFtmDXByb
	rD3OX9oDZZt52zcQI92ZOMAaiYBafbVUHIEulxLIbkz6xfPpcemZSYjHhfuYA0tA7Bi28MvVtU0hU
	tqCWQ5BA==;
Received: from cw137ip160.mn.codeweavers.com ([10.69.137.160]
 helo=camazotz.mn.codeweavers.com)
	by mail.codeweavers.com with esmtpsa  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <zfigura@codeweavers.com>)
	id 1tYVDE-0067iE-2d;
	Thu, 16 Jan 2025 13:07:29 -0600
From: Elizabeth Figura <zfigura@codeweavers.com>
To: Arnd Bergmann <arnd@arndb.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-kernel@vger.kernel.org,
	wine-devel@winehq.org,
	Elizabeth Figura <zfigura@codeweavers.com>
Subject: [PATCH] ntsync: Fix reference leaks in the remaining create ioctls.
Date: Thu, 16 Jan 2025 13:07:17 -0600
Message-ID: <20250116190717.8923-1-zfigura@codeweavers.com>
X-Mailer: git-send-email 2.45.2
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When ntsync_obj_get_fd() fails, we free the ntsync object but forget to dro=
p the
"file" member.

This was fixed for semaphores in 0e7d523b5f7a23b1dc6ceceb04e31a60e9e3321d, =
but
that commit did not fix the similar leak for events and mutexes, since they=
 were
part of patches not yet in the mainline kernel. Fix those cases.

Fixes: 5bc2479a3585b "ntsync: Introduce NTSYNC_IOC_CREATE_MUTEX."
Fixes: 4c7404b9c2b57 "ntsync: Introduce NTSYNC_IOC_CREATE_EVENT."
Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com>
---
 drivers/misc/ntsync.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/misc/ntsync.c b/drivers/misc/ntsync.c
index b6441e978974..055395cde42b 100644
--- a/drivers/misc/ntsync.c
+++ b/drivers/misc/ntsync.c
@@ -781,7 +781,7 @@ static int ntsync_create_mutex(struct ntsync_device *de=
v, void __user *argp)
 	mutex->u.mutex.owner =3D args.owner;
 	fd =3D ntsync_obj_get_fd(mutex);
 	if (fd < 0)
-		kfree(mutex);
+		ntsync_free_obj(mutex);
=20
 	return fd;
 }
@@ -802,7 +802,7 @@ static int ntsync_create_event(struct ntsync_device *de=
v, void __user *argp)
 	event->u.event.signaled =3D args.signaled;
 	fd =3D ntsync_obj_get_fd(event);
 	if (fd < 0)
-		kfree(event);
+		ntsync_free_obj(event);
=20
 	return fd;
 }

base-commit: 0e7d523b5f7a23b1dc6ceceb04e31a60e9e3321d
--=20
2.45.2