2022-09-07 10:20:07

by Jeff Layton

[permalink] [raw]
Subject: Re: [PATCH] SUNRPC: Fix potential memory leak in xs_udp_send_request()

On Wed, 2022-09-07 at 15:13 +0800, Jianglei Nie wrote:
> xs_udp_send_request() allocates a memory chunk for xdr->bvec with
> xdr_alloc_bvec(). When xprt_sock_sendmsg() finishs, xdr->bvec is not
> released, which will lead to a memory leak.
>
> we should release the xdr->bvec with xdr_free_bvec() after
> xprt_sock_sendmsg() like bc_sendto() does.
>
> Signed-off-by: Jianglei Nie <[email protected]>
> ---
> net/sunrpc/xprtsock.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> index e976007f4fd0..298182a3c168 100644
> --- a/net/sunrpc/xprtsock.c
> +++ b/net/sunrpc/xprtsock.c
> @@ -958,6 +958,7 @@ static int xs_udp_send_request(struct rpc_rqst *req)
> return status;
> req->rq_xtime = ktime_get();
> status = xprt_sock_sendmsg(transport->sock, &msg, xdr, 0, 0, &sent);
> + xdr_free_bvec(xdr);
>
> dprintk("RPC: xs_udp_send_request(%u) = %d\n",
> xdr->len, status);

I think you're probably correct here.

I was thinking we might have a similar bug in svc_tcp_sendmsg, but it
looks like that one gets freed in svc_tcp_sendto.

Reviewed-by: Jeff Layton <[email protected]>


2022-09-07 13:40:21

by Trond Myklebust

[permalink] [raw]
Subject: Re: [PATCH] SUNRPC: Fix potential memory leak in xs_udp_send_request()

On Wed, 2022-09-07 at 06:08 -0400, Jeff Layton wrote:
> On Wed, 2022-09-07 at 15:13 +0800, Jianglei Nie wrote:
> > xs_udp_send_request() allocates a memory chunk for xdr->bvec with
> > xdr_alloc_bvec(). When xprt_sock_sendmsg() finishs, xdr->bvec is
> > not
> > released, which will lead to a memory leak.
> >
> > we should release the xdr->bvec with xdr_free_bvec() after
> > xprt_sock_sendmsg() like bc_sendto() does.
> >
> > Signed-off-by: Jianglei Nie <[email protected]>
> > ---
> >  net/sunrpc/xprtsock.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> > index e976007f4fd0..298182a3c168 100644
> > --- a/net/sunrpc/xprtsock.c
> > +++ b/net/sunrpc/xprtsock.c
> > @@ -958,6 +958,7 @@ static int xs_udp_send_request(struct rpc_rqst
> > *req)
> >                 return status;
> >         req->rq_xtime = ktime_get();
> >         status = xprt_sock_sendmsg(transport->sock, &msg, xdr, 0,
> > 0, &sent);
> > +       xdr_free_bvec(xdr);
> >  
> >         dprintk("RPC:       xs_udp_send_request(%u) = %d\n",
> >                         xdr->len, status);
>
> I think you're probably correct here.
>
> I was thinking we might have a similar bug in svc_tcp_sendmsg, but it
> looks like that one gets freed in svc_tcp_sendto.
>
> Reviewed-by: Jeff Layton <[email protected]>

No, this patch is unnecessary and won't be applied. We already do this
for all transports in xprt_request_dequeue_transmit().

--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
[email protected]