From: Olga Kornievskaia <aglo@umich.edu>
To: Trond Myklebust <trondmy@hammerspace.com>
Cc: "pakki001@umn.edu" <pakki001@umn.edu>,
"davem@davemloft.net" <davem@davemloft.net>,
"chuck.lever@oracle.com" <chuck.lever@oracle.com>,
"dwysocha@redhat.com" <dwysocha@redhat.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"kuba@kernel.org" <kuba@kernel.org>,
"bfields@fieldses.org" <bfields@fieldses.org>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"anna.schumaker@netapp.com" <anna.schumaker@netapp.com>
Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg
Date: Thu, 8 Apr 2021 11:24:45 -0400 [thread overview]
Message-ID: <CAN-5tyETkDBVfYQrBOm1veAzMdo-9K37bfgL+QZTPW=d2OAP9A@mail.gmail.com> (raw)
In-Reply-To: <c0de0985c0bf09a96efc538da2146f86e6fa7037.camel@hammerspace.com>
On Thu, Apr 8, 2021 at 11:01 AM Trond Myklebust <trondmy@hammerspace.com> wrote:
>
> On Tue, 2021-04-06 at 19:16 -0500, Aditya Pakki wrote:
> > In gss_pipe_destroy_msg(), in case of error in msg, gss_release_msg
> > deletes gss_msg. The patch adds a check to avoid a potential double
> > free.
> >
> > Signed-off-by: Aditya Pakki <pakki001@umn.edu>
> > ---
> > net/sunrpc/auth_gss/auth_gss.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/net/sunrpc/auth_gss/auth_gss.c
> > b/net/sunrpc/auth_gss/auth_gss.c
> > index 5f42aa5fc612..eb52eebb3923 100644
> > --- a/net/sunrpc/auth_gss/auth_gss.c
> > +++ b/net/sunrpc/auth_gss/auth_gss.c
> > @@ -848,7 +848,8 @@ gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
> > warn_gssd();
> > gss_release_msg(gss_msg);
> > }
> > - gss_release_msg(gss_msg);
> > + if (gss_msg)
> > + gss_release_msg(gss_msg);
> > }
> >
> > static void gss_pipe_dentry_destroy(struct dentry *dir,
>
>
> NACK. There's no double free there.
I disagree that there is no double free, the wording of the commit
describes the problem in the error case is that we call
gss_release_msg() and then we call it again but the 1st one released
the gss_msg. However, I think the fix should probably be instead:
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 5f42aa5fc612..e8aae617e981 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -846,7 +846,7 @@ gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
gss_unhash_msg(gss_msg);
if (msg->errno == -ETIMEDOUT)
warn_gssd();
- gss_release_msg(gss_msg);
+ return gss_release_msg(gss_msg);
}
gss_release_msg(gss_msg);
}
>
> --
> Trond Myklebust
> Linux NFS client maintainer, Hammerspace
> trond.myklebust@hammerspace.com
>
>
next prev parent reply other threads:[~2021-04-08 15:25 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 0:16 [PATCH] SUNRPC: Add a check for gss_release_msg Aditya Pakki
2021-04-07 15:34 ` J. Bruce Fields
2021-04-08 15:01 ` Trond Myklebust
2021-04-08 15:24 ` Olga Kornievskaia [this message]
2021-04-08 16:02 ` Trond Myklebust
2021-04-20 7:15 ` Greg KH
2021-04-20 17:10 ` J. Bruce Fields
2021-04-21 5:10 ` Leon Romanovsky
2021-04-21 5:43 ` Greg KH
2021-04-21 6:08 ` Leon Romanovsky
[not found] ` <CA+EnHHSw4X+ubOUNYP2zXNpu70G74NN1Sct2Zin6pRgq--TqhA@mail.gmail.com>
2021-04-21 8:15 ` Greg KH
2021-04-21 10:07 ` Sudip Mukherjee
2021-04-21 10:21 ` Greg KH
2021-04-21 11:58 ` Shelat, Abhi
2021-04-21 12:08 ` Greg KH
2021-04-21 12:19 ` Leon Romanovsky
2021-04-21 13:11 ` Trond Myklebust
2021-04-21 13:20 ` Leon Romanovsky
2021-04-21 13:42 ` Steven Rostedt
2021-04-21 13:21 ` gregkh
2021-04-21 13:34 ` Leon Romanovsky
2021-04-21 13:50 ` gregkh
2021-04-21 14:12 ` Leon Romanovsky
2021-04-21 18:50 ` Alexander Grund
2021-04-21 13:37 ` J. Bruce Fields
2021-04-21 13:49 ` Leon Romanovsky
2021-04-21 13:56 ` J. Bruce Fields
2021-04-22 19:39 ` J. Bruce Fields
2021-04-23 17:25 ` Leon Romanovsky
2021-04-23 18:07 ` J. Bruce Fields
2021-04-23 19:29 ` Leon Romanovsky
2021-04-23 21:48 ` J. Bruce Fields
2021-04-24 7:21 ` Leon Romanovsky
2021-04-24 18:34 ` Al Viro
2021-04-24 21:34 ` J. Bruce Fields
2021-04-25 0:41 ` Theodore Ts'o
2021-04-25 6:29 ` Greg KH
[not found] ` <20210426133605.GD21222@fieldses.org>
2021-04-26 13:47 ` J. Bruce Fields
2021-04-22 8:10 ` Sudip Mukherjee
2021-04-22 8:27 ` Greg KH
2021-04-21 12:51 ` Anna Schumaker
2021-04-21 14:15 ` Leon Romanovsky
2021-04-21 15:48 ` Theodore Ts'o
2021-04-21 17:34 ` Mike Rapoport
2021-04-22 3:57 ` Leon Romanovsky
2021-04-21 22:52 ` Guenter Roeck
[not found] <CAHr+ZK-ayy2vku9ovuSB4egtOxrPEKxCdVQN3nFqMK07+K5_8g@mail.gmail.com>
2021-04-21 19:49 ` Theodore Ts'o
2021-04-22 7:50 ` Eric Biggers
-- strict thread matches above, loose matches on Subject: below --
2021-04-21 20:27 Weikeng Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAN-5tyETkDBVfYQrBOm1veAzMdo-9K37bfgL+QZTPW=d2OAP9A@mail.gmail.com' \
--to=aglo@umich.edu \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=dwysocha@redhat.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pakki001@umn.edu \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.