From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Jeff Layton <jlayton@redhat.com>,
Trond Myklebust <Trond.Myklebust@netapp.com>
Subject: [27/48] nfs: fix regression in handling of context= option in NFSv4
Date: Mon, 16 Jan 2012 10:44:54 -0800 [thread overview]
Message-ID: <20120116184518.041994651@clark.kroah.org> (raw)
In-Reply-To: <20120116184527.GA11972@kroah.com>
3.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Layton <jlayton@redhat.com>
commit 8a0d551a59ac92d8ff048d6cb29d3a02073e81e8 upstream.
Setting the security context of a NFSv4 mount via the context= mount
option is currently broken. The NFSv4 codepath allocates a parsed
options struct, and then parses the mount options to fill it. It
eventually calls nfs4_remote_mount which calls security_init_mnt_opts.
That clobbers the lsm_opts struct that was populated earlier. This bug
also looks like it causes a small memory leak on each v4 mount where
context= is used.
Fix this by moving the initialization of the lsm_opts into
nfs_alloc_parsed_mount_data. Also, add a destructor for
nfs_parsed_mount_data to make it easier to free all of the allocations
hanging off of it, and to ensure that the security_free_mnt_opts is
called whenever security_init_mnt_opts is.
I believe this regression was introduced quite some time ago, probably
by commit c02d7adf.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/nfs/super.c | 43 +++++++++++++++++++------------------------
1 file changed, 19 insertions(+), 24 deletions(-)
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -904,10 +904,24 @@ static struct nfs_parsed_mount_data *nfs
data->auth_flavor_len = 1;
data->version = version;
data->minorversion = 0;
+ security_init_mnt_opts(&data->lsm_opts);
}
return data;
}
+static void nfs_free_parsed_mount_data(struct nfs_parsed_mount_data *data)
+{
+ if (data) {
+ kfree(data->client_address);
+ kfree(data->mount_server.hostname);
+ kfree(data->nfs_server.export_path);
+ kfree(data->nfs_server.hostname);
+ kfree(data->fscache_uniq);
+ security_free_mnt_opts(&data->lsm_opts);
+ kfree(data);
+ }
+}
+
/*
* Sanity-check a server address provided by the mount command.
*
@@ -2215,9 +2229,7 @@ static struct dentry *nfs_fs_mount(struc
data = nfs_alloc_parsed_mount_data(NFS_DEFAULT_VERSION);
mntfh = nfs_alloc_fhandle();
if (data == NULL || mntfh == NULL)
- goto out_free_fh;
-
- security_init_mnt_opts(&data->lsm_opts);
+ goto out;
/* Validate the mount data */
error = nfs_validate_mount_data(raw_data, data, mntfh, dev_name);
@@ -2229,8 +2241,6 @@ static struct dentry *nfs_fs_mount(struc
#ifdef CONFIG_NFS_V4
if (data->version == 4) {
mntroot = nfs4_try_mount(flags, dev_name, data);
- kfree(data->client_address);
- kfree(data->nfs_server.export_path);
goto out;
}
#endif /* CONFIG_NFS_V4 */
@@ -2285,13 +2295,8 @@ static struct dentry *nfs_fs_mount(struc
s->s_flags |= MS_ACTIVE;
out:
- kfree(data->nfs_server.hostname);
- kfree(data->mount_server.hostname);
- kfree(data->fscache_uniq);
- security_free_mnt_opts(&data->lsm_opts);
-out_free_fh:
+ nfs_free_parsed_mount_data(data);
nfs_free_fhandle(mntfh);
- kfree(data);
return mntroot;
out_err_nosb:
@@ -2618,9 +2623,7 @@ nfs4_remote_mount(struct file_system_typ
mntfh = nfs_alloc_fhandle();
if (data == NULL || mntfh == NULL)
- goto out_free_fh;
-
- security_init_mnt_opts(&data->lsm_opts);
+ goto out;
/* Get a volume representation */
server = nfs4_create_server(data, mntfh);
@@ -2672,13 +2675,10 @@ nfs4_remote_mount(struct file_system_typ
s->s_flags |= MS_ACTIVE;
- security_free_mnt_opts(&data->lsm_opts);
nfs_free_fhandle(mntfh);
return mntroot;
out:
- security_free_mnt_opts(&data->lsm_opts);
-out_free_fh:
nfs_free_fhandle(mntfh);
return ERR_PTR(error);
@@ -2858,7 +2858,7 @@ static struct dentry *nfs4_mount(struct
data = nfs_alloc_parsed_mount_data(4);
if (data == NULL)
- goto out_free_data;
+ goto out;
/* Validate the mount data */
error = nfs4_validate_mount_data(raw_data, data, dev_name);
@@ -2872,12 +2872,7 @@ static struct dentry *nfs4_mount(struct
error = PTR_ERR(res);
out:
- kfree(data->client_address);
- kfree(data->nfs_server.export_path);
- kfree(data->nfs_server.hostname);
- kfree(data->fscache_uniq);
-out_free_data:
- kfree(data);
+ nfs_free_parsed_mount_data(data);
dprintk("<-- nfs4_mount() = %d%s\n", error,
error != 0 ? " [error]" : "");
return res;
next prev parent reply other threads:[~2012-01-16 18:48 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-16 18:45 [00/48] 3.1.10-stable review Greg KH
2012-01-16 18:44 ` [01/48] mtdoops: fix the oops_page_used array size Greg KH
2012-01-16 18:44 ` [02/48] mtd: mtdoops: skip reading initially bad blocks Greg KH
2012-01-16 18:44 ` [03/48] mtd: mtd_blkdevs: dont increase open count on error path Greg KH
2012-01-16 18:44 ` [04/48] mtd: tests: stresstest: bail out if device has not enough eraseblocks Greg KH
2012-01-16 18:44 ` [05/48] drivers/rtc/interface.c: fix alarm rollover when day or month is out-of-range Greg KH
2012-01-16 18:44 ` [06/48] ext4: fix undefined behavior in ext4_fill_flex_info() Greg KH
2012-01-16 18:44 ` [07/48] ALSA: snd-usb-us122l: Delete calls to preempt_disable Greg KH
2012-01-16 18:44 ` [08/48] ALSA: HDA: Fix master control for Cirrus Logic 421X Greg KH
2012-01-16 18:44 ` [09/48] ALSA: HDA: Fix automute for Cirrus Logic 421x Greg KH
2012-01-16 18:44 ` [10/48] ALSA: ice1724 - Check for ac97 to avoid kernel oops Greg KH
2012-01-16 18:44 ` [11/48] ALSA: hda - Use auto-parser for HP laptops with cx20459 codec Greg KH
2012-01-16 18:44 ` [12/48] ALSA: hda - Return the error from get_wcaps_type() for invalid NIDs Greg KH
2012-01-16 18:44 ` [13/48] ALSA: hda - Fix the detection of "Loopback Mixing" control for VIA codecs Greg KH
2012-01-16 18:44 ` [14/48] ALSA: hda - Fix the lost power-setup of seconary pins after PM resume Greg KH
2012-01-16 18:44 ` [15/48] KVM guest: prevent tracing recursion with kvmclock Greg KH
2012-01-16 18:44 ` [16/48] KVM: x86: Prevent starting PIT timers in the absence of irqchip support Greg KH
2012-01-16 18:44 ` [17/48] KVM: Remove ability to assign a device without iommu support Greg KH
2012-01-16 18:44 ` [18/48] KVM: Device assignment permission checks Greg KH
2012-01-16 18:44 ` [19/48] [PATCH] ideapad: Check if acpi already handle backlight power to avoid a page fault Greg KH
2012-01-16 18:44 ` [20/48] drm/radeon/kms: workaround invalid AVI infoframe checksum issue Greg KH
2012-01-16 18:44 ` [21/48] drm/radeon/kms: disable writeback on pre-R300 asics Greg KH
2012-01-16 18:44 ` [22/48] radeon: Fix disabling PCI bus mastering on big endian hosts Greg KH
2012-01-16 18:44 ` [23/48] NFS: Retry mounting NFSROOT Greg KH
2012-01-16 18:44 ` [24/48] NFSv4.1: fix backchannel slotid off-by-one bug Greg KH
2012-01-16 18:44 ` [25/48] NFS - fix recent breakage to NFS error handling Greg KH
2012-01-16 18:44 ` [26/48] NFSv4: include bitmap in nfsv4 get acl data Greg KH
2012-01-16 18:44 ` Greg KH [this message]
2012-01-16 18:44 ` [28/48] HID: bump maximum global item tag report size to 96 bytes Greg KH
2012-01-16 18:44 ` [29/48] HID: wiimote: Select INPUT_FF_MEMLESS Greg KH
2012-01-17 1:55 ` Paul Gortmaker
2012-01-17 6:37 ` David Herrmann
2012-01-17 8:33 ` Dan Carpenter
2012-01-17 17:09 ` Greg KH
2012-01-16 18:44 ` [30/48] UBI: fix missing scrub when there is a bit-flip Greg KH
2012-01-16 18:44 ` [31/48] UBI: fix use-after-free on error path Greg KH
2012-01-16 18:44 ` [32/48] PCI: Fix PCI_EXP_TYPE_RC_EC value Greg KH
2012-01-16 18:45 ` [33/48] PCI: msi: Disable msi interrupts when we initialize a pci device Greg KH
2012-01-16 18:45 ` [34/48] x86/PCI: Ignore CPU non-addressable _CRS reserved memory resources Greg KH
2012-01-16 18:45 ` [35/48] x86/PCI: amd: factor out MMCONFIG discovery Greg KH
2012-01-16 18:45 ` [36/48] x86/PCI: build amd_bus.o only when CONFIG_AMD_NB=y Greg KH
2012-01-16 18:45 ` [37/48] SCSI: mpt2sas: Release spinlock for the raid device list before blocking it Greg KH
2012-01-16 18:45 ` [38/48] SCSI: mpt2sas : Fix for memory allocation error for large host credits Greg KH
2012-01-16 18:45 ` [39/48] xen/xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX Greg KH
2012-01-16 18:45 ` [40/48] md/raid1: perform bad-block tests for WriteMostly devices too Greg KH
2012-01-16 18:45 ` [41/48] ima: free duplicate measurement memory Greg KH
2012-01-16 18:45 ` [42/48] ima: fix invalid memory reference Greg KH
2012-01-16 18:45 ` [43/48] slub: fix a possible memleak in __slab_alloc() Greg KH
2012-01-16 18:45 ` [44/48] PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB Greg KH
2012-01-16 18:45 ` [45/48] rtl8192se: Fix BUG caused by failure to check skb allocation Greg KH
2012-01-16 18:45 ` [46/48] mac80211: fix rx->key NULL pointer dereference in promiscuous mode Greg KH
2012-01-16 18:45 ` [47/48] memcg: add mem_cgroup_replace_page_cache() to fix LRU issue Greg KH
2012-01-16 18:45 ` [48/48] x86: Fix mmap random address range Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120116184518.041994651@clark.kroah.org \
--to=gregkh@suse.de \
--cc=Trond.Myklebust@netapp.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=jlayton@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).