Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp3275842ybz; Sun, 19 Apr 2020 22:45:48 -0700 (PDT) X-Google-Smtp-Source: APiQypIJdSzJLn0tb1dPEcGJaZJ4jcMCZ/dNkBlNilDFDzlppGI/C+RcKen6AlSLN+u18YkvwqQp X-Received: by 2002:aa7:c681:: with SMTP id n1mr12972231edq.83.1587361548281; Sun, 19 Apr 2020 22:45:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587361548; cv=none; d=google.com; s=arc-20160816; b=0cr6LLzRPhzvcPvsXZysNNNhe7iEtxHKtIlGnK3Bd80Ig+fLusIIDEBgAOZoI6wCzm L1z57A2osKuLEr+ahnwIll0oNwG5WrtKYUg/+sUSn7IfDTmn50l9dOgqGJHAOwzqW0Bl Bi3BrJg14BsweHuEy0v+0DE6l/EyIzoq2/o0RudpheYu46Aj+9ybvohP4Y+y3Vg1tgtM m9RCdKFpvKRVnZGzCC2Ba559hsOQ5qHFHZlwXOWLT3babelBFNb3bhR2HvuSjxUmxP9+ /iwqob4XEaNVVbELCCpC6qG1hcBoJPTi+F0UEmvy9Zog7XGS/h9c5BO+gLePHL8qX8rt /BuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=yAOu0VUkborL/7+dqlJ4jWkJ1m2aAADVyJZ3KeTxc1w=; b=PKthDlIGHnMzcy0JnLU2x+xTgYRXA2FFVdo4xuk7qy8iTwNCoFLsxWe1sbsan7LlTT uzQgehlUUv/pQ1x6dEgFe2sj0jq7jKgofkQalk+AdSnpjBQpyDkBqPkex8HSs738s0zP 5FoqrwCHJB30sjBE0UM9zZDPoyP3BuMdriw/tyjXcAlCjm0zrYeyocx4UG38oMy8d+VP wQ7vXmgEuOndZyNGyHcZ97MCcXP9TlWVwTPHOIqwnhN0oDVIK26V+TQonVYe6jJUpgi7 F+blLJvn7xNbCklRdlrxrPtsk2DIW2DhAv/tqU9wDwc34f/E5EW7IH9eStdUR07I31Vr ajBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fudan.edu.cn header.s=dkim header.b=3Vwu87CC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fudan.edu.cn Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h11si8177533ejy.116.2020.04.19.22.45.26; Sun, 19 Apr 2020 22:45:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@fudan.edu.cn header.s=dkim header.b=3Vwu87CC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fudan.edu.cn Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726036AbgDTFoQ (ORCPT + 99 others); Mon, 20 Apr 2020 01:44:16 -0400 Received: from mail.fudan.edu.cn ([202.120.224.73]:33230 "EHLO fudan.edu.cn" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725379AbgDTFoP (ORCPT ); Mon, 20 Apr 2020 01:44:15 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fudan.edu.cn; s=dkim; h=Received:From:To:Cc:Subject:Date: Message-Id; bh=yAOu0VUkborL/7+dqlJ4jWkJ1m2aAADVyJZ3KeTxc1w=; b=3 Vwu87CCBMNoOn8C3OXoqNfWk/SbXJqSw+e7lDhS92qY78pj/qLTaNn7w+ibW2IAp iqTcgm5gQY7pl2PlClqregA8jJ1LD8hSO8DYT1qYWKZEoJmXUwXtmd1oY1szPuWd 9WOtgK+AaFI6yZZT0mLP0TFbNChzxNv4mk9FhbaV5k= Received: from localhost.localdomain (unknown [120.229.255.67]) by app2 (Coremail) with SMTP id XQUFCgA3ywicNp1ePAAeAA--.3223S3; Mon, 20 Apr 2020 13:43:57 +0800 (CST) From: Xiyu Yang To: Trond Myklebust , Anna Schumaker , Olaf Kirch , Andrew Morton , Andreas Gruenbacher , linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org Cc: yuanxzhang@fudan.edu.cn, kjlu@umn.edu, Xiyu Yang , Xin Tan Subject: [PATCH] nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl Date: Mon, 20 Apr 2020 13:43:28 +0800 Message-Id: <1587361410-83560-1-git-send-email-xiyuyang19@fudan.edu.cn> X-Mailer: git-send-email 2.7.4 X-CM-TRANSID: XQUFCgA3ywicNp1ePAAeAA--.3223S3 X-Coremail-Antispam: 1UD129KBjvJXoWrKFW3tr4ruw1xtFykAw1DZFb_yoW8JF45pw 4Ikr1UtF98tFW8tas8Aw48W34kAa10qw1rKwn5Wa1SvrnxXasxCFyYqw13XFWUArW8JF18 Wr1Yg3y3Z3WDCaUanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUU9K14x267AKxVW8JVW5JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02 1l84ACjcxK6xIIjxv20xvE14v26w1j6s0DM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26rxl 6s0DM28EF7xvwVC2z280aVAFwI0_GcCE3s1l84ACjcxK6I8E87Iv6xkF7I0E14v26rxl6s 0DM2vYz4IE04k24VAvwVAKI4IrM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVACY4xI 64kE6c02F40Ex7xfMcIj6xIIjxv20xvE14v26r1Y6r17McIj6I8E87Iv67AKxVWUJVW8Jw Am72CE4IkC6x0Yz7v_Jr0_Gr1lF7xvr2IYc2Ij64vIr41lF7I21c0EjII2zVCS5cI20VAG YxC7M4IIrI8v6xkF7I0E8cxan2IY04v7MxkIecxEwVAFwVW8WwCF04k20xvY0x0EwIxGrw CFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02F40E14v26r1j6r18MI8I3I0E7480Y4vE 14v26r106r1rMI8E67AF67kF1VAFwI0_Jw0_GFylIxkGc2Ij64vIr41lIxAIcVC0I7IYx2 IY67AKxVWUCVW8JwCI42IY6xIIjxv20xvEc7CjxVAFwI0_Cr0_Gr1UMIIF0xvE42xK8VAv wI8IcIk0rVW8JVW3JwCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I0E14 v26r4j6r4UJbIYCTnIWIevJa73UjIFyTuYvjfUO2NtUUUUU X-CM-SenderInfo: irzsiiysuqikmy6i3vldqovvfxof0/ Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org nfs3_set_acl() invokes get_acl(), which returns a local reference of the posix_acl object to "alloc" with increased refcount. When nfs3_set_acl() returns or a new object is assigned to "alloc", the original local reference of "alloc" becomes invalid, so the refcount should be decreased to keep refcount balanced. The reference counting issue happens in one path of nfs3_set_acl(). When "acl" equals to NULL but "alloc" is not NULL, the function forgets to decrease the refcnt increased by get_acl() and causes a refcnt leak. Fix this issue by calling posix_acl_release() on this path when "alloc" is not NULL. Fixes: b7fa0554cf1b ("[PATCH] NFS: Add support for NFSv3 ACLs") Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan --- fs/nfs/nfs3acl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c index c5c3fc6e6c60..b5c41bcca8cf 100644 --- a/fs/nfs/nfs3acl.c +++ b/fs/nfs/nfs3acl.c @@ -274,6 +274,8 @@ int nfs3_set_acl(struct inode *inode, struct posix_acl *acl, int type) } if (acl == NULL) { + if (alloc) + posix_acl_release(alloc); alloc = acl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL); if (IS_ERR(alloc)) goto fail; -- 2.7.4