Date: Wed, 31 Aug 2022 07:06:00 +0200
From: Christophe JAILLET
Subject: Re: [PATCH] nfsd: Fix a memory leak in an error handling path
To: Chuck Lever, Jeff Layton, "J. Bruce Fields", Scott Mayhew
Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-nfs@vger.kernel.org

On 30/08/2022 at 23:11, Chuck Lever III wrote:
>
>
>> On Aug 26, 2022, at 7:08 AM, Dan Carpenter wrote:
>>
>> On Fri, Aug 26, 2022 at 12:24:54PM +0200, Christophe JAILLET wrote:
>>> If this memdup_user() call fails, the memory allocated in a previous call
>>> a few lines above should be freed. Otherwise it leaks.
>>>
>>> Fixes: 6ee95d1c8991 ("nfsd: add support for upcall version 2")
>>> Signed-off-by: Christophe JAILLET
>>> ---
>>> Speculative, untested.
>>> ---
>>> fs/nfsd/nfs4recover.c | 4 +++-
>>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c >>> index b29d27eaa8a6..248ff9f4141c 100644 >>> --- a/fs/nfsd/nfs4recover.c >>> +++ b/fs/nfsd/nfs4recover.c
>>> @@ -815,8 +815,10 @@ __cld_pipe_inprogress_downcall(const struct cld_msg_v2 __user *cmsg, >>> princhash.data = memdup_user( >>> &ci->cc_princhash.cp_data, >>> princhashlen); >>> - if (IS_ERR_OR_NULL(princhash.data)) >>> + if (IS_ERR_OR_NULL(princhash.data)) { >>> + kfree(name.data); >>> return -EFAULT;
>>
>> This comment is not directed at you and is not related to your patch.
>> But memdup_user() never returns NULL, only error pointers. I wrote a
>> fifteen page blog entry about NULL vs error pointers the other week.
>> https://staticthinking.wordpress.com/2022/08/01/mixing-error-pointers-and-null/
>> This should propagate the error code from memdup_user() instead of
>> -EFAULT.
>
> I take it then that Christophe should redrive this with your suggested
> corrections? I haven't applied this yet because I was waiting for
> follow-up.
>

Ok, I'll send a small series of 3 patches...

CJ

>
> --
> Chuck Lever
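Review bot: In the new error branch, `return -EFAULT;` after `kfree(name.data);` discards the actual error from memdup_user(), which returns an ERR_PTR() value (for example -ENOMEM on allocation failure) and never NULL. Since this branch is being rewritten anyway, test with IS_ERR(princhash.data) and return PTR_ERR(princhash.data) after the kfree(); keeping IS_ERR_OR_NULL() while switching to PTR_ERR() would return 0 for a NULL pointer and report success on a failure path. The patch is marked "Speculative, untested", so it is also worth confirming that name.data is the only allocation still live at this point before the fix is applied.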