* [PATCH AUTOSEL 4.19 036/172] nfsd: Fix svc_xprt refcnt leak when setup callback client failed
[not found] <20200618012218.607130-1-sashal@kernel.org>
@ 2020-06-18 1:20 ` Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 126/172] net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 127/172] NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION Sasha Levin
2 siblings, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2020-06-18 1:20 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Xiyu Yang, Xin Tan, J . Bruce Fields, Sasha Levin, linux-nfs
From: Xiyu Yang <xiyuyang19@fudan.edu.cn>
[ Upstream commit a4abc6b12eb1f7a533c2e7484cfa555454ff0977 ]
nfsd4_process_cb_update() invokes svc_xprt_get(), which increases the
refcount of the "c->cn_xprt".
The reference counting issue happens in one exception handling path of
nfsd4_process_cb_update(). When setup callback client failed, the
function forgets to decrease the refcnt increased by svc_xprt_get(),
causing a refcnt leak.
Fix this issue by calling svc_xprt_put() when setup callback client
failed.
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4callback.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index ebbb0285addb..7ee417b685e9 100644
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -1149,6 +1149,8 @@ static void nfsd4_process_cb_update(struct nfsd4_callback *cb)
err = setup_callback_client(clp, &conn, ses);
if (err) {
nfsd4_mark_cb_down(clp, err);
+ if (c)
+ svc_xprt_put(c->cn_xprt);
return;
}
}
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH AUTOSEL 4.19 126/172] net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
[not found] <20200618012218.607130-1-sashal@kernel.org>
2020-06-18 1:20 ` [PATCH AUTOSEL 4.19 036/172] nfsd: Fix svc_xprt refcnt leak when setup callback client failed Sasha Levin
@ 2020-06-18 1:21 ` Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 127/172] NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION Sasha Levin
2 siblings, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2020-06-18 1:21 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Fedor Tokarev, Anna Schumaker, Sasha Levin, linux-nfs, netdev
From: Fedor Tokarev <ftokarev@gmail.com>
[ Upstream commit 118917d696dc59fd3e1741012c2f9db2294bed6f ]
Fix off-by-one issues in 'rpc_ntop6':
- 'snprintf' returns the number of characters which would have been
written if enough space had been available, excluding the terminating
null byte. Thus, a return value of 'sizeof(scopebuf)' means that the
last character was dropped.
- 'strcat' adds a terminating null byte to the string, thus if len ==
buflen, the null byte is written past the end of the buffer.
Signed-off-by: Fedor Tokarev <ftokarev@gmail.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/addr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/sunrpc/addr.c b/net/sunrpc/addr.c
index 2e0a6f92e563..8391c2785550 100644
--- a/net/sunrpc/addr.c
+++ b/net/sunrpc/addr.c
@@ -81,11 +81,11 @@ static size_t rpc_ntop6(const struct sockaddr *sap,
rc = snprintf(scopebuf, sizeof(scopebuf), "%c%u",
IPV6_SCOPE_DELIMITER, sin6->sin6_scope_id);
- if (unlikely((size_t)rc > sizeof(scopebuf)))
+ if (unlikely((size_t)rc >= sizeof(scopebuf)))
return 0;
len += rc;
- if (unlikely(len > buflen))
+ if (unlikely(len >= buflen))
return 0;
strcat(buf, scopebuf);
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH AUTOSEL 4.19 127/172] NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION
[not found] <20200618012218.607130-1-sashal@kernel.org>
2020-06-18 1:20 ` [PATCH AUTOSEL 4.19 036/172] nfsd: Fix svc_xprt refcnt leak when setup callback client failed Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 126/172] net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' Sasha Levin
@ 2020-06-18 1:21 ` Sasha Levin
2 siblings, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2020-06-18 1:21 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Olga Kornievskaia, Olga Kornievskaia, Anna Schumaker,
Sasha Levin, linux-nfs
From: Olga Kornievskaia <olga.kornievskaia@gmail.com>
[ Upstream commit 1c709b766e73e54d64b1dde1b7cfbcf25bcb15b9 ]
Fixes: 02a95dee8cf0 ("NFS add callback_ops to nfs4_proc_bind_conn_to_session_callback")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4proc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 668b648064b7..05cb68ca1ba1 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -7624,7 +7624,7 @@ nfs4_bind_one_conn_to_session_done(struct rpc_task *task, void *calldata)
}
static const struct rpc_call_ops nfs4_bind_one_conn_to_session_ops = {
- .rpc_call_done = &nfs4_bind_one_conn_to_session_done,
+ .rpc_call_done = nfs4_bind_one_conn_to_session_done,
};
/*
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-06-18 2:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20200618012218.607130-1-sashal@kernel.org>
2020-06-18 1:20 ` [PATCH AUTOSEL 4.19 036/172] nfsd: Fix svc_xprt refcnt leak when setup callback client failed Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 126/172] net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 127/172] NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).