Free the formatted server index string after it has been duplicated by
kobject_rename().
Fixes: 1c7251187dc0 ("NFS: add superblock sysfs entries")
Reported-by: Alexander Aring <[email protected]>
Signed-off-by: Benjamin Coddington <[email protected]>
---
fs/nfs/sysfs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/nfs/sysfs.c b/fs/nfs/sysfs.c
index acda8f033d30..bf378ecd5d9f 100644
--- a/fs/nfs/sysfs.c
+++ b/fs/nfs/sysfs.c
@@ -345,8 +345,10 @@ void nfs_sysfs_move_sb_to_server(struct nfs_server *server)
int ret = -ENOMEM;
s = kasprintf(GFP_KERNEL, "server-%d", server->s_sysfs_id);
- if (s)
+ if (s) {
ret = kobject_rename(&server->kobj, s);
+ kfree(s);
+ }
if (ret < 0)
pr_warn("NFS: rename sysfs %s failed (%d)\n",
server->kobj.name, ret);
--
2.40.1
On Mon, Jul 10, 2023 at 02:41:58PM -0400, Benjamin Coddington wrote:
> Free the formatted server index string after it has been duplicated by
> kobject_rename().
>
> Fixes: 1c7251187dc0 ("NFS: add superblock sysfs entries")
> Reported-by: Alexander Aring <[email protected]>
> Signed-off-by: Benjamin Coddington <[email protected]>
Hit this issue as well. This patch fixes the problem.
Tested-by: Ido Schimmel <[email protected]>
Thanks
Hi Benjamin,
On Mon, 10 Jul 2023, Benjamin Coddington wrote:
> Free the formatted server index string after it has been duplicated by
> kobject_rename().
>
> Fixes: 1c7251187dc0 ("NFS: add superblock sysfs entries")
> Reported-by: Alexander Aring <[email protected]>
> Signed-off-by: Benjamin Coddington <[email protected]>
Thanks!
This fixes the memory leaks I was seeing:
# cat /sys/kernel/debug/kmemleak
unreferenced object 0xc6d3b7c0 (size 64):
comm "mount.nfs", pid 261, jiffies 4294943450 (age 1385.530s)
hex dump (first 32 bytes):
73 65 72 76 65 72 2d 32 00 00 00 00 00 00 00 00 server-2........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<7849dbd6>] slab_post_alloc_hook.constprop.0+0x9c/0xac
[<bf2297e0>] __kmem_cache_alloc_node+0xc4/0x124
[<07299a52>] __kmalloc_node_track_caller+0x80/0xa4
[<1876b300>] kvasprintf+0x5c/0xcc
[<4fa40352>] kasprintf+0x28/0x58
[<68e29ee6>] nfs_sysfs_move_sb_to_server+0x18/0x50
[<6a98700b>] nfs_kill_super+0x18/0x34
[<d388276a>] deactivate_locked_super+0x50/0x88
[<3945c450>] cleanup_mnt+0x6c/0xc8
[<fb0ac980>] task_work_run+0x84/0xb4
[<d6ee2bd3>] do_work_pending+0x364/0x398
[<c7a0dcab>] slow_work_pending+0xc/0x20
unreferenced object 0xc6cdd6c0 (size 64):
comm "mount.nfs", pid 261, jiffies 4294943456 (age 1385.470s)
hex dump (first 32 bytes):
73 65 72 76 65 72 2d 31 00 00 00 00 00 00 00 00 server-1........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<7849dbd6>] slab_post_alloc_hook.constprop.0+0x9c/0xac
[<bf2297e0>] __kmem_cache_alloc_node+0xc4/0x124
[<07299a52>] __kmalloc_node_track_caller+0x80/0xa4
[<1876b300>] kvasprintf+0x5c/0xcc
[<4fa40352>] kasprintf+0x28/0x58
[<68e29ee6>] nfs_sysfs_move_sb_to_server+0x18/0x50
[<6a98700b>] nfs_kill_super+0x18/0x34
[<d388276a>] deactivate_locked_super+0x50/0x88
[<3945c450>] cleanup_mnt+0x6c/0xc8
[<fb0ac980>] task_work_run+0x84/0xb4
[<d6ee2bd3>] do_work_pending+0x364/0x398
[<c7a0dcab>] slow_work_pending+0xc/0x20
Tested-by: Geert Uytterhoeven <[email protected]>
> --- a/fs/nfs/sysfs.c
> +++ b/fs/nfs/sysfs.c
> @@ -345,8 +345,10 @@ void nfs_sysfs_move_sb_to_server(struct nfs_server *server)
> int ret = -ENOMEM;
>
> s = kasprintf(GFP_KERNEL, "server-%d", server->s_sysfs_id);
> - if (s)
> + if (s) {
> ret = kobject_rename(&server->kobj, s);
> + kfree(s);
> + }
> if (ret < 0)
> pr_warn("NFS: rename sysfs %s failed (%d)\n",
> server->kobj.name, ret);
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
CC regressions
On Fri, Jul 14, 2023 at 5:29 PM Geert Uytterhoeven <[email protected]> wrote:
> On Mon, 10 Jul 2023, Benjamin Coddington wrote:
> > Free the formatted server index string after it has been duplicated by
> > kobject_rename().
> >
> > Fixes: 1c7251187dc0 ("NFS: add superblock sysfs entries")
> > Reported-by: Alexander Aring <[email protected]>
> > Signed-off-by: Benjamin Coddington <[email protected]>
>
> Thanks!
>
> This fixes the memory leaks I was seeing:
>
> # cat /sys/kernel/debug/kmemleak
> unreferenced object 0xc6d3b7c0 (size 64):
> comm "mount.nfs", pid 261, jiffies 4294943450 (age 1385.530s)
> hex dump (first 32 bytes):
> 73 65 72 76 65 72 2d 32 00 00 00 00 00 00 00 00 server-2........
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<7849dbd6>] slab_post_alloc_hook.constprop.0+0x9c/0xac
> [<bf2297e0>] __kmem_cache_alloc_node+0xc4/0x124
> [<07299a52>] __kmalloc_node_track_caller+0x80/0xa4
> [<1876b300>] kvasprintf+0x5c/0xcc
> [<4fa40352>] kasprintf+0x28/0x58
> [<68e29ee6>] nfs_sysfs_move_sb_to_server+0x18/0x50
> [<6a98700b>] nfs_kill_super+0x18/0x34
> [<d388276a>] deactivate_locked_super+0x50/0x88
> [<3945c450>] cleanup_mnt+0x6c/0xc8
> [<fb0ac980>] task_work_run+0x84/0xb4
> [<d6ee2bd3>] do_work_pending+0x364/0x398
> [<c7a0dcab>] slow_work_pending+0xc/0x20
> unreferenced object 0xc6cdd6c0 (size 64):
> comm "mount.nfs", pid 261, jiffies 4294943456 (age 1385.470s)
> hex dump (first 32 bytes):
> 73 65 72 76 65 72 2d 31 00 00 00 00 00 00 00 00 server-1........
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<7849dbd6>] slab_post_alloc_hook.constprop.0+0x9c/0xac
> [<bf2297e0>] __kmem_cache_alloc_node+0xc4/0x124
> [<07299a52>] __kmalloc_node_track_caller+0x80/0xa4
> [<1876b300>] kvasprintf+0x5c/0xcc
> [<4fa40352>] kasprintf+0x28/0x58
> [<68e29ee6>] nfs_sysfs_move_sb_to_server+0x18/0x50
> [<6a98700b>] nfs_kill_super+0x18/0x34
> [<d388276a>] deactivate_locked_super+0x50/0x88
> [<3945c450>] cleanup_mnt+0x6c/0xc8
> [<fb0ac980>] task_work_run+0x84/0xb4
> [<d6ee2bd3>] do_work_pending+0x364/0x398
> [<c7a0dcab>] slow_work_pending+0xc/0x20
>
> Tested-by: Geert Uytterhoeven <[email protected]>
>
> > --- a/fs/nfs/sysfs.c
> > +++ b/fs/nfs/sysfs.c
> > @@ -345,8 +345,10 @@ void nfs_sysfs_move_sb_to_server(struct nfs_server *server)
> > int ret = -ENOMEM;
> >
> > s = kasprintf(GFP_KERNEL, "server-%d", server->s_sysfs_id);
> > - if (s)
> > + if (s) {
> > ret = kobject_rename(&server->kobj, s);
> > + kfree(s);
> > + }
> > if (ret < 0)
> > pr_warn("NFS: rename sysfs %s failed (%d)\n",
> > server->kobj.name, ret);
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds