From: Olga Kornievskaia <aglo@umich.edu>
To: Trond Myklebust <trondmy@hammerspace.com>
Cc: "pakki001@umn.edu" <pakki001@umn.edu>,
"davem@davemloft.net" <davem@davemloft.net>,
"chuck.lever@oracle.com" <chuck.lever@oracle.com>,
"dwysocha@redhat.com" <dwysocha@redhat.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"kuba@kernel.org" <kuba@kernel.org>,
"bfields@fieldses.org" <bfields@fieldses.org>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"anna.schumaker@netapp.com" <anna.schumaker@netapp.com>
Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg
Date: Thu, 8 Apr 2021 11:24:45 -0400 [thread overview]
Message-ID: <CAN-5tyETkDBVfYQrBOm1veAzMdo-9K37bfgL+QZTPW=d2OAP9A@mail.gmail.com> (raw)
In-Reply-To: <c0de0985c0bf09a96efc538da2146f86e6fa7037.camel@hammerspace.com>
On Thu, Apr 8, 2021 at 11:01 AM Trond Myklebust <trondmy@hammerspace.com> wrote:
>
> On Tue, 2021-04-06 at 19:16 -0500, Aditya Pakki wrote:
> > In gss_pipe_destroy_msg(), in case of error in msg, gss_release_msg
> > deletes gss_msg. The patch adds a check to avoid a potential double
> > free.
> >
> > Signed-off-by: Aditya Pakki <pakki001@umn.edu>
> > ---
> > net/sunrpc/auth_gss/auth_gss.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/net/sunrpc/auth_gss/auth_gss.c
> > b/net/sunrpc/auth_gss/auth_gss.c
> > index 5f42aa5fc612..eb52eebb3923 100644
> > --- a/net/sunrpc/auth_gss/auth_gss.c
> > +++ b/net/sunrpc/auth_gss/auth_gss.c
> > @@ -848,7 +848,8 @@ gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
> > warn_gssd();
> > gss_release_msg(gss_msg);
> > }
> > - gss_release_msg(gss_msg);
> > + if (gss_msg)
> > + gss_release_msg(gss_msg);
> > }
> >
> > static void gss_pipe_dentry_destroy(struct dentry *dir,
>
>
> NACK. There's no double free there.
I disagree that there is no double free, the wording of the commit
describes the problem in the error case is that we call
gss_release_msg() and then we call it again but the 1st one released
the gss_msg. However, I think the fix should probably be instead:
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 5f42aa5fc612..e8aae617e981 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -846,7 +846,7 @@ gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
gss_unhash_msg(gss_msg);
if (msg->errno == -ETIMEDOUT)
warn_gssd();
- gss_release_msg(gss_msg);
+ return gss_release_msg(gss_msg);
}
gss_release_msg(gss_msg);
}
>
> --
> Trond Myklebust
> Linux NFS client maintainer, Hammerspace
> trond.myklebust@hammerspace.com
>
>
next prev parent reply other threads:[~2021-04-08 15:25 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 0:16 [PATCH] SUNRPC: Add a check for gss_release_msg Aditya Pakki
2021-04-07 15:34 ` J. Bruce Fields
2021-04-08 15:01 ` Trond Myklebust
2021-04-08 15:24 ` Olga Kornievskaia [this message]
2021-04-08 16:02 ` Trond Myklebust
2021-04-20 7:15 ` Greg KH
2021-04-20 17:10 ` J. Bruce Fields
2021-04-21 5:10 ` Leon Romanovsky
2021-04-21 5:43 ` Greg KH
2021-04-21 6:08 ` Leon Romanovsky
[not found] ` <CA+EnHHSw4X+ubOUNYP2zXNpu70G74NN1Sct2Zin6pRgq--TqhA@mail.gmail.com>
2021-04-21 8:15 ` Greg KH
2021-04-21 10:07 ` Sudip Mukherjee
2021-04-21 10:21 ` Greg KH
2021-04-21 11:58 ` Shelat, Abhi
2021-04-21 12:08 ` Greg KH
2021-04-21 12:19 ` Leon Romanovsky
2021-04-21 13:11 ` Trond Myklebust
2021-04-21 13:20 ` Leon Romanovsky
2021-04-21 13:42 ` Steven Rostedt
2021-04-21 13:21 ` gregkh
2021-04-21 13:34 ` Leon Romanovsky
2021-04-21 13:50 ` gregkh
2021-04-21 14:12 ` Leon Romanovsky
2021-04-21 18:50 ` Alexander Grund
2021-04-21 13:37 ` J. Bruce Fields
2021-04-21 13:49 ` Leon Romanovsky
2021-04-21 13:56 ` J. Bruce Fields
2021-04-22 19:39 ` J. Bruce Fields
2021-04-23 17:25 ` Leon Romanovsky
2021-04-23 18:07 ` J. Bruce Fields
2021-04-23 19:29 ` Leon Romanovsky
2021-04-23 21:48 ` J. Bruce Fields
2021-04-24 7:21 ` Leon Romanovsky
2021-04-24 18:34 ` Al Viro
2021-04-24 21:34 ` J. Bruce Fields
2021-04-25 0:41 ` Theodore Ts'o
2021-04-25 6:29 ` Greg KH
[not found] ` <20210426133605.GD21222@fieldses.org>
2021-04-26 13:47 ` J. Bruce Fields
2021-04-22 8:10 ` Sudip Mukherjee
2021-04-22 8:27 ` Greg KH
2021-04-21 12:51 ` Anna Schumaker
2021-04-21 14:15 ` Leon Romanovsky
2021-04-21 15:48 ` Theodore Ts'o
2021-04-21 17:34 ` Mike Rapoport
2021-04-22 3:57 ` Leon Romanovsky
2021-04-21 22:52 ` Guenter Roeck
[not found] <CAHr+ZK-ayy2vku9ovuSB4egtOxrPEKxCdVQN3nFqMK07+K5_8g@mail.gmail.com>
2021-04-21 19:49 ` Theodore Ts'o
2021-04-22 7:50 ` Eric Biggers
2021-04-21 20:27 Weikeng Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAN-5tyETkDBVfYQrBOm1veAzMdo-9K37bfgL+QZTPW=d2OAP9A@mail.gmail.com' \
--to=aglo@umich.edu \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=dwysocha@redhat.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pakki001@umn.edu \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).