From: Trond Myklebust <trondmy@hammerspace.com>
To: "anna@kernel.org" <anna@kernel.org>,
	"pabeni@redhat.com" <pabeni@redhat.com>,
	"davem@davemloft.net" <davem@davemloft.net>,
	"wanghai38@huawei.com" <wanghai38@huawei.com>,
	"chuck.lever@oracle.com" <chuck.lever@oracle.com>,
	"kuba@kernel.org" <kuba@kernel.org>
Cc: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH net] SUNRPC: Fix local socket leak in xs_local_setup_socket()
Date: Tue, 26 Apr 2022 18:51:45 +0000
Message-ID: <d013bdc75085e380250cb79edf2b27680cbc9f7e.camel@hammerspace.com>
In-Reply-To: <20220426132011.25418-1-wanghai38@huawei.com>

On Tue, 2022-04-26 at 21:20 +0800, Wang Hai wrote:
> If the connection to a local endpoint in xs_local_setup_socket()
> fails,
> fput() is missing in the error path, which will result in a socket
> leak.
> It can be reproduced in simple script below.
> 
> while true
> do
>         systemctl stop rpcbind.service
>         systemctl stop rpc-statd.service
>         systemctl stop nfs-server.service
> 
>         systemctl restart rpcbind.service
>         systemctl restart rpc-statd.service
>         systemctl restart nfs-server.service
> done
> 
> When executing the script, you can observe that the
> "cat /proc/net/unix | wc -l" count keeps growing.
> 
> Add the missing fput(), and restore transport to old socket.
> 
> Signed-off-by: Wang Hai <wanghai38@huawei.com>
> ---
>  net/sunrpc/xprtsock.c | 20 ++++++++++++++++++--
>  1 file changed, 18 insertions(+), 2 deletions(-)
> 
> diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> index 0f39e08ee580..7219c545385e 100644
> --- a/net/sunrpc/xprtsock.c
> +++ b/net/sunrpc/xprtsock.c
> @@ -1819,6 +1819,9 @@ static int xs_local_finish_connecting(struct
> rpc_xprt *xprt,
>  {
>         struct sock_xprt *transport = container_of(xprt, struct
> sock_xprt,
>                                                                      
>    xprt);
> +       struct socket *trans_sock = NULL;
> +       struct sock *trans_inet = NULL;
> +       int ret;
>  
>         if (!transport->inet) {
>                 struct sock *sk = sock->sk;
> @@ -1835,6 +1838,9 @@ static int xs_local_finish_connecting(struct
> rpc_xprt *xprt,
>  
>                 xprt_clear_connected(xprt);
>  
> +               trans_sock = transport->sock;
> +               trans_inet = transport->inet;
> +

Both values are NULL here

>                 /* Reset to new socket */
>                 transport->sock = sock;
>                 transport->inet = sk;
> @@ -1844,7 +1850,14 @@ static int xs_local_finish_connecting(struct
> rpc_xprt *xprt,
>  
>         xs_stream_start_connect(transport);
>  
> -       return kernel_connect(sock, xs_addr(xprt), xprt->addrlen, 0);
> +       ret = kernel_connect(sock, xs_addr(xprt), xprt->addrlen, 0);
> +       /* Restore to old socket */
> +       if (ret && trans_inet) {
> +               transport->sock = trans_sock;
> +               transport->inet = trans_inet;
> +       }
> +
> +       return ret;
>  }
>  
>  /**
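
Review bot: The restore guarded by "if (ret && trans_inet)" looks unreachable: trans_sock and trans_inet are only assigned in the previous hunk, at the indentation of the "if (!transport->inet)" body, so trans_inet is NULL whenever it is set. On a failed kernel_connect() transport->sock and transport->inet therefore keep pointing at the new socket. Either drop the restore or clear both fields on failure, and state in the comment which state the transport is expected to be in when ret is non-zero.
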
> @@ -1887,7 +1900,7 @@ static int xs_local_setup_socket(struct
> sock_xprt *transport)
>                 xprt->stat.connect_time += (long)jiffies -
>                                            xprt->stat.connect_start;
>                 xprt_set_connected(xprt);
> -               break;
> +               goto out;
>         case -ENOBUFS:
>                 break;
>         case -ENOENT:
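
Review bot: Turning only the success case into "goto out" to skip the cleanup is fragile: "case -ENOBUFS: break;" directly below, and any case added later with a plain break, now falls into the fput(filp) that the last hunk places before the out: label. An explicit check on status around the release, or a dedicated error label, would make the intended set of failing statuses visible.
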
> @@ -1904,6 +1917,9 @@ static int xs_local_setup_socket(struct
> sock_xprt *transport)
>                                 xprt-
> >address_strings[RPC_DISPLAY_ADDR]);
>         }
>  
> +       transport->file = NULL;
> +       fput(filp);

Please just call xprt_force_disconnect() so that this can be cleaned up
from a safe context.

> +
>  out:
>         xprt_clear_connecting(xprt);
>         xprt_wake_pending_tasks(xprt, status);
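
Review bot: The added "transport->file = NULL; fput(filp);" before out: clears only transport->file; transport->sock and transport->inet, assigned to the new socket in xs_local_finish_connecting(), are left untouched, and the restore added there is conditional on trans_inet. If filp is the file backing that socket, those two fields keep referring to a socket whose file reference was just dropped. Reset them at the same point, or send the failure through one teardown path as the reply above requests, and add a comment saying why the file is released here.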

-- 
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@hammerspace.com


