Date: Tue, 22 Jun 2021 08:04:19 +0200
From: Christoph Hellwig
To: Chung-Chiang Cheng
Cc: jlbec@evilplan.org, hch@lst.de, pantelis.antoniou@konsulko.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Chung-Chiang Cheng
Subject: Re: [PATCH] configfs: fix memleak in configfs_release_bin_file
Message-ID: <20210622060419.GA29360@lst.de>
References: <20210618075925.803052-1-cccheng@synology.com>
In-Reply-To: <20210618075925.803052-1-cccheng@synology.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hmm. The issue looks real, but I think we should just call the vfree
unconditionally given that the buffer structure is zeroed on allocation
and freed just after, and also remove the pointless clearing of all the
flags. Does something like this work for you?

diff --git a/fs/configfs/file.c b/fs/configfs/file.c index 53913b84383a..1ab6afb84f04 100644 --- a/fs/configfs/file.c +++ b/fs/configfs/file.c
@@ -393,11 +393,8 @@ static int configfs_release_bin_file(struct inode *inode, struct file *file) { struct configfs_buffer *buffer = file->private_data; - buffer->read_in_progress = false; - if (buffer->write_in_progress) { struct configfs_fragment *frag = to_frag(file); - buffer->write_in_progress = false; down_read(&frag->frag_sem); if (!frag->frag_dead) { @@ -407,13 +404,9 @@ static int configfs_release_bin_file(struct inode *inode, struct file *file) buffer->bin_buffer_size); } up_read(&frag->frag_sem); - /* vfree on NULL is safe */ - vfree(buffer->bin_buffer); - buffer->bin_buffer = NULL; - buffer->bin_buffer_size = 0; - buffer->needs_read_fill = 1; } + vfree(buffer->bin_buffer); configfs_release(inode, file); return 0; }
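Review bot: In the first hunk, dropping buffer->read_in_progress = false and buffer->write_in_progress = false is safe only because the buffer is freed by the configfs_release() call that follows, and nothing in the diff records that. Please state it in the commit message, so that a later change which keeps the buffer alive past release does not silently inherit stale flags.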
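Review bot: In the second hunk, the new unconditional vfree(buffer->bin_buffer) loses the removed comment "vfree on NULL is safe" at exactly the point where it starts to matter, since the call now also runs when write_in_progress was never set and bin_buffer may be NULL. Suggest keeping a one-line comment on the new call saying that it releases the buffer regardless of write_in_progress and that a NULL bin_buffer is fine.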