From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D6EBC433B4 for ; Thu, 8 Apr 2021 15:25:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1D9B561151 for ; Thu, 8 Apr 2021 15:25:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231995AbhDHPZN (ORCPT ); Thu, 8 Apr 2021 11:25:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36188 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232220AbhDHPZK (ORCPT ); Thu, 8 Apr 2021 11:25:10 -0400 Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 97920C061763; Thu, 8 Apr 2021 08:24:58 -0700 (PDT) Received: by mail-ej1-x634.google.com with SMTP id a7so3756051eju.1; Thu, 08 Apr 2021 08:24:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2DctV2bRWf9bByNN4jO+KZZov1aPn00QO4Vdegx2Cow=; b=WX/inlaeeRIbsG86uDWLNx7q9abVElPQlit8MiD/qADEh+BkApQz6ZTJFohiy78033 h2rm8PaFTYBZr60Er0hM6LkGcCOTobwmLaZaQp96KarlKd4mBvwomsSSLeRozAvzZwy6 INi/JbdycJcG3kjZ7cNA99vdxVe9z3Jfk4go68uQx5ujXaX81ZCmF0TqOANYvKip1kHp a4L5MqMnRQIJLQweJVwEw3SPMIvjuYwlP626MmsqqSeaW3oSDVYDq05UEmWGz77BC1aZ o/iBbvM8u89iteW2KMJAdo+Poa//SkEzFA3BaHmafDBE7PqVTY1gl8xdv/tPRWzi6S5Y 9Kjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2DctV2bRWf9bByNN4jO+KZZov1aPn00QO4Vdegx2Cow=; b=tddlTZdgakqIv4wy7B+TQ5drUb59f65pdxbZjf+VuE4MLMExclvsAWAZxyHvzNJr7w 6zD3uHpyZnGcwvFdQsxCZgV2eOxjI7wAl0tW+PIANGz3JuPiE5C16zdY6OaAmpzvTvGf kuSj42ellAY637Sc4LRxg/270RRPvlbu0nHOB8wm6SRpWlJEl/9EL6ziSh0zEjbbccgZ B7PRRu+HCXF7n+dW75HYW85wNImWCxLHawW0R6zt7/kCBRLFzoM5n2vlEj/qTbPsVab+ ZPy8IutpibOk/HNBm83bRjBq82H2QbsrukUeI+Gac50VNNcM8NEVths1E/TOyL0ZvxFp 6DnQ== X-Gm-Message-State: AOAM532UJGN/cF0IUWoAKLkI4fEKKMw245qKduz68mh339gCN09ZZxQn 7icT7sUIyEH9YHzkSw2MQTPOlkKZUlO5+Ku1R9o= X-Google-Smtp-Source: ABdhPJxL8zi4DQYkjJuJ7486ivbwyswwR3YPdBXE8zctrhzn0c+SIv23BREveuykwcFjiMoPUBHx7HFc+kG/LvfLCO4= X-Received: by 2002:a17:906:7194:: with SMTP id h20mr10309618ejk.432.1617895497312; Thu, 08 Apr 2021 08:24:57 -0700 (PDT) MIME-Version: 1.0 References: <20210407001658.2208535-1-pakki001@umn.edu> In-Reply-To: From: Olga Kornievskaia Date: Thu, 8 Apr 2021 11:24:45 -0400 Message-ID: Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg To: Trond Myklebust Cc: "pakki001@umn.edu" , "davem@davemloft.net" , "chuck.lever@oracle.com" , "dwysocha@redhat.com" , "linux-kernel@vger.kernel.org" , "netdev@vger.kernel.org" , "kuba@kernel.org" , "bfields@fieldses.org" , "linux-nfs@vger.kernel.org" , "anna.schumaker@netapp.com" Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Thu, Apr 8, 2021 at 11:01 AM Trond Myklebust wrote: > > On Tue, 2021-04-06 at 19:16 -0500, Aditya Pakki wrote: > > In gss_pipe_destroy_msg(), in case of error in msg, gss_release_msg > > deletes gss_msg. The patch adds a check to avoid a potential double > > free. > > > > Signed-off-by: Aditya Pakki > > --- > > net/sunrpc/auth_gss/auth_gss.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/net/sunrpc/auth_gss/auth_gss.c > > b/net/sunrpc/auth_gss/auth_gss.c > > index 5f42aa5fc612..eb52eebb3923 100644 > > --- a/net/sunrpc/auth_gss/auth_gss.c > > +++ b/net/sunrpc/auth_gss/auth_gss.c > > @@ -848,7 +848,8 @@ gss_pipe_destroy_msg(struct rpc_pipe_msg *msg) > > warn_gssd(); > > gss_release_msg(gss_msg); > > } > > - gss_release_msg(gss_msg); > > + if (gss_msg) > > + gss_release_msg(gss_msg); > > } > > > > static void gss_pipe_dentry_destroy(struct dentry *dir, > > > NACK. There's no double free there. I disagree that there is no double free, the wording of the commit describes the problem in the error case is that we call gss_release_msg() and then we call it again but the 1st one released the gss_msg. However, I think the fix should probably be instead: diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index 5f42aa5fc612..e8aae617e981 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c @@ -846,7 +846,7 @@ gss_pipe_destroy_msg(struct rpc_pipe_msg *msg) gss_unhash_msg(gss_msg); if (msg->errno == -ETIMEDOUT) warn_gssd(); - gss_release_msg(gss_msg); + return gss_release_msg(gss_msg); } gss_release_msg(gss_msg); } > > -- > Trond Myklebust > Linux NFS client maintainer, Hammerspace > trond.myklebust@hammerspace.com > >