From mboxrd@z Thu Jan 1 00:00:00 1970 From: bfields@fieldses.org (J. Bruce Fields) Date: Thu, 30 Jan 2020 14:56:11 +0000 Subject: Re: [PATCH] nfsd4: fix double free in nfsd4_do_async_copy() Message-Id: <20200130145611.GA18127@fieldses.org> List-Id: References: <20200113132307.frp6ur5zhzolu5ys@kili.mountain> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Olga Kornievskaia Cc: Dan Carpenter , "J. Bruce Fields" , Olga Kornievskaia , Chuck Lever , linux-nfs , kernel-janitors@vger.kernel.org On Tue, Jan 21, 2020 at 04:56:31PM -0500, Olga Kornievskaia wrote: > On Mon, Jan 13, 2020 at 8:24 AM Dan Carpenter wrote: > > > > This frees "copy->nf_src" before and again after the goto. > > > > Fixes: ce0887ac96d3 ("NFSD add nfs4 inter ssc to nfsd4_copy") > > Signed-off-by: Dan Carpenter > > --- > > fs/nfsd/nfs4proc.c | 1 - > > 1 file changed, 1 deletion(-) > > > > diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c > > index 1e14b3ed5674..c90c24c35b2e 100644 > > --- a/fs/nfsd/nfs4proc.c > > +++ b/fs/nfsd/nfs4proc.c > > @@ -1469,7 +1469,6 @@ static int nfsd4_do_async_copy(void *data) > > copy->nf_src->nf_file = nfs42_ssc_open(copy->ss_mnt, ©->c_fh, > > ©->stateid); > > if (IS_ERR(copy->nf_src->nf_file)) { > > - kfree(copy->nf_src); > > copy->nfserr = nfserr_offload_denied; > > nfsd4_interssc_disconnect(copy->ss_mnt); > > goto do_callback; > > -- > > 2.11.0 > > > > Reviewed-by: Olga Kornievskaia > > Bruce, can you add this to your nfsd-next? Done, thanks for the reminder. --b. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 88642C2D0DB for ; Thu, 30 Jan 2020 14:56:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 5AF79206F0 for ; Thu, 30 Jan 2020 14:56:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727277AbgA3O4M (ORCPT ); Thu, 30 Jan 2020 09:56:12 -0500 Received: from fieldses.org ([173.255.197.46]:54150 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727132AbgA3O4M (ORCPT ); Thu, 30 Jan 2020 09:56:12 -0500 Received: by fieldses.org (Postfix, from userid 2815) id 7654689A; Thu, 30 Jan 2020 09:56:11 -0500 (EST) Date: Thu, 30 Jan 2020 09:56:11 -0500 To: Olga Kornievskaia Cc: Dan Carpenter , "J. Bruce Fields" , Olga Kornievskaia , Chuck Lever , linux-nfs , kernel-janitors@vger.kernel.org Subject: Re: [PATCH] nfsd4: fix double free in nfsd4_do_async_copy() Message-ID: <20200130145611.GA18127@fieldses.org> References: <20200113132307.frp6ur5zhzolu5ys@kili.mountain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) From: bfields@fieldses.org (J. Bruce Fields) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Tue, Jan 21, 2020 at 04:56:31PM -0500, Olga Kornievskaia wrote: > On Mon, Jan 13, 2020 at 8:24 AM Dan Carpenter wrote: > > > > This frees "copy->nf_src" before and again after the goto. > > > > Fixes: ce0887ac96d3 ("NFSD add nfs4 inter ssc to nfsd4_copy") > > Signed-off-by: Dan Carpenter > > --- > > fs/nfsd/nfs4proc.c | 1 - > > 1 file changed, 1 deletion(-) > > > > diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c > > index 1e14b3ed5674..c90c24c35b2e 100644 > > --- a/fs/nfsd/nfs4proc.c > > +++ b/fs/nfsd/nfs4proc.c > > @@ -1469,7 +1469,6 @@ static int nfsd4_do_async_copy(void *data) > > copy->nf_src->nf_file = nfs42_ssc_open(copy->ss_mnt, ©->c_fh, > > ©->stateid); > > if (IS_ERR(copy->nf_src->nf_file)) { > > - kfree(copy->nf_src); > > copy->nfserr = nfserr_offload_denied; > > nfsd4_interssc_disconnect(copy->ss_mnt); > > goto do_callback; > > -- > > 2.11.0 > > > > Reviewed-by: Olga Kornievskaia > > Bruce, can you add this to your nfsd-next? Done, thanks for the reminder. --b.