[PATCH net] net/9p: Fix a potential socket leak in p9_socket

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net] net/9p: Fix a potential socket leak in p9_socket_open
@ 2022-11-24  8:10 Wang Hai
  2022-11-24  9:15 ` asmadeus
  2022-11-28 11:10 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 5+ messages in thread
From: Wang Hai @ 2022-11-24  8:10 UTC (permalink / raw)
  To: ericvh, lucho, asmadeus, linux_oss, davem, edumazet, kuba, pabeni, viro
  Cc: v9fs-developer, linux-kernel, netdev

Both p9_fd_create_tcp() and p9_fd_create_unix() will call
p9_socket_open(). If the creation of p9_trans_fd fails,
p9_fd_create_tcp() and p9_fd_create_unix() will return an
error directly instead of releasing the cscoket, which will
result in a socket leak.

This patch adds sock_release() to fix the leak issue.

Fixes: 6b18662e239a ("9p connect fixes")
Signed-off-by: Wang Hai <wanghai38@huawei.com>
---
 net/9p/trans_fd.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 56a186768750..f834726d21ea 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -860,8 +860,10 @@ static int p9_socket_open(struct p9_client *client, struct socket *csocket)
 	struct file *file;
 
 	p = kzalloc(sizeof(struct p9_trans_fd), GFP_KERNEL);
-	if (!p)
+	if (!p) {
+		sock_release(csocket);
 		return -ENOMEM;
+	}
 
 	csocket->sk->sk_allocation = GFP_NOIO;
 	file = sock_alloc_file(csocket, 0, NULL);
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH net] net/9p: Fix a potential socket leak in p9_socket_open
  2022-11-24  8:10 [PATCH net] net/9p: Fix a potential socket leak in p9_socket_open Wang Hai
@ 2022-11-24  9:15 ` asmadeus
  2022-11-24 11:19   ` wanghai (M)
  2022-11-24 16:15   ` Al Viro
  2022-11-28 11:10 ` patchwork-bot+netdevbpf
  1 sibling, 2 replies; 5+ messages in thread
From: asmadeus @ 2022-11-24  9:15 UTC (permalink / raw)
  To: Wang Hai
  Cc: ericvh, lucho, linux_oss, davem, edumazet, kuba, pabeni, viro,
	v9fs-developer, linux-kernel, netdev

Wang Hai wrote on Thu, Nov 24, 2022 at 04:10:05PM +0800:
> Both p9_fd_create_tcp() and p9_fd_create_unix() will call
> p9_socket_open(). If the creation of p9_trans_fd fails,
> p9_fd_create_tcp() and p9_fd_create_unix() will return an
> error directly instead of releasing the cscoket, which will

(typo, socket or csocket -- I'll fix this on applying)

> result in a socket leak.
> 
> This patch adds sock_release() to fix the leak issue.

Thanks, it looks good to me.
A bit confusing that sock_alloc_files() calls sock_release() itself on
failure, but that means this one's safe at least...

> Fixes: 6b18662e239a ("9p connect fixes")

(the leak was present before that commit so I guess that's not really
correct -- but it might help figure out up to which point stable folks
will be able to backport so I guess it's useful either way)

-- 
Dominique

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net] net/9p: Fix a potential socket leak in p9_socket_open
  2022-11-24  9:15 ` asmadeus
@ 2022-11-24 11:19   ` wanghai (M)
  2022-11-24 16:15   ` Al Viro
  1 sibling, 0 replies; 5+ messages in thread
From: wanghai (M) @ 2022-11-24 11:19 UTC (permalink / raw)
  To: asmadeus
  Cc: ericvh, lucho, linux_oss, davem, edumazet, kuba, pabeni, viro,
	v9fs-developer, linux-kernel, netdev


在 2022/11/24 17:15, asmadeus@codewreck.org 写道:
> Wang Hai wrote on Thu, Nov 24, 2022 at 04:10:05PM +0800:
>> Both p9_fd_create_tcp() and p9_fd_create_unix() will call
>> p9_socket_open(). If the creation of p9_trans_fd fails,
>> p9_fd_create_tcp() and p9_fd_create_unix() will return an
>> error directly instead of releasing the cscoket, which will
> (typo, socket or csocket -- I'll fix this on applying)
Hi, Dominique.
Thanks for reviewing.

Here is a typo, it should be csocket.
>> result in a socket leak.
>>
>> This patch adds sock_release() to fix the leak issue.
> Thanks, it looks good to me.
> A bit confusing that sock_alloc_files() calls sock_release() itself on
> failure, but that means this one's safe at least...
Yes, this mechanism was introduced by commit 8e1611e23579 ("make 
sock_alloc_file() do sock_release() on failures")
>
>> Fixes: 6b18662e239a ("9p connect fixes")
> (the leak was present before that commit so I guess that's not really
> correct -- but it might help figure out up to which point stable folks
> will be able to backport so I guess it's useful either way)
Yes, there was already a leak before this patch, and this patch also 
introduces a leak

-- 
Wang Hai


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net] net/9p: Fix a potential socket leak in p9_socket_open
  2022-11-24  9:15 ` asmadeus
  2022-11-24 11:19   ` wanghai (M)
@ 2022-11-24 16:15   ` Al Viro
  1 sibling, 0 replies; 5+ messages in thread
From: Al Viro @ 2022-11-24 16:15 UTC (permalink / raw)
  To: asmadeus
  Cc: Wang Hai, ericvh, lucho, linux_oss, davem, edumazet, kuba,
	pabeni, v9fs-developer, linux-kernel, netdev

On Thu, Nov 24, 2022 at 06:15:54PM +0900, asmadeus@codewreck.org wrote:
> Wang Hai wrote on Thu, Nov 24, 2022 at 04:10:05PM +0800:
> > Both p9_fd_create_tcp() and p9_fd_create_unix() will call
> > p9_socket_open(). If the creation of p9_trans_fd fails,
> > p9_fd_create_tcp() and p9_fd_create_unix() will return an
> > error directly instead of releasing the cscoket, which will
> 
> (typo, socket or csocket -- I'll fix this on applying)
> 
> > result in a socket leak.
> > 
> > This patch adds sock_release() to fix the leak issue.
> 
> Thanks, it looks good to me.
> A bit confusing that sock_alloc_files() calls sock_release() itself on
> failure, but that means this one's safe at least...

sock_alloc_file() unconditionally consumes socket reference;
either it is transferred to new struct file it returns, or
it's dropped.  Makes for simpler logics in callers...
FWIW,
ACKed-by: Al Viro <viro@zeniv.linux.org.uk>
on the leak fix.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net] net/9p: Fix a potential socket leak in p9_socket_open
  2022-11-24  8:10 [PATCH net] net/9p: Fix a potential socket leak in p9_socket_open Wang Hai
  2022-11-24  9:15 ` asmadeus
@ 2022-11-28 11:10 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 5+ messages in thread
From: patchwork-bot+netdevbpf @ 2022-11-28 11:10 UTC (permalink / raw)
  To: wanghai
  Cc: ericvh, lucho, asmadeus, linux_oss, davem, edumazet, kuba,
	pabeni, viro, v9fs-developer, linux-kernel, netdev

Hello:

This patch was applied to netdev/net.git (master)
by David S. Miller <davem@davemloft.net>:

On Thu, 24 Nov 2022 16:10:05 +0800 you wrote:
> Both p9_fd_create_tcp() and p9_fd_create_unix() will call
> p9_socket_open(). If the creation of p9_trans_fd fails,
> p9_fd_create_tcp() and p9_fd_create_unix() will return an
> error directly instead of releasing the cscoket, which will
> result in a socket leak.
> 
> This patch adds sock_release() to fix the leak issue.
> 
> [...]

Here is the summary with links:
  - [net] net/9p: Fix a potential socket leak in p9_socket_open
    https://git.kernel.org/netdev/net/c/dcc14cfd7deb

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2022-11-28 11:10 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-24  8:10 [PATCH net] net/9p: Fix a potential socket leak in p9_socket_open Wang Hai
2022-11-24  9:15 ` asmadeus
2022-11-24 11:19   ` wanghai (M)
2022-11-24 16:15   ` Al Viro
2022-11-28 11:10 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).