From: Olga Kornievskaia
Date: Fri, 15 Nov 2019 14:51:55 -0500
Subject: Re: NFS: inter ssc open (memory leak detected)
To: Colin Ian King
Cc: Olga Kornievskaia, Trond Myklebust, Anna Schumaker, linux-nfs, "linux-kernel@vger.kernel.org"
X-Mailing-List: linux-nfs@vger.kernel.org

On Fri, Nov 15, 2019 at 4:24 AM Colin Ian King wrote:
>
> Hi,
>
> Static analysis with Coverity has detected a memory leak in the
> following commit:
>
> commit ec4b0925089826af45e99cdf78a8ac84c1d005f1
> Author: Olga Kornievskaia
> Date:   Tue Oct 8 16:33:53 2019 -0400
>
>     NFS: inter ssc open
>
>
> In function nfs42_ssc_open(), fs/nfs/nfs4file.c, analysis is as follows:
>
>    3. alloc_fn: Storage is returned from allocation function kzalloc.
>    4. var_assign: Assigning: read_name = storage returned from
> kzalloc(len, 3136U).
> 336        read_name = kzalloc(len, GFP_NOFS);
>
>    5. Condition read_name == NULL, taking false branch.
> 337        if (read_name == NULL)
> 338                goto out;
>
>    6. noescape: Resource read_name is not freed or pointed-to in snprintf.
> 339        snprintf(read_name, len, SSC_READ_NAME_BODY, read_name_gen++);
> 340
> 341        r_ino = nfs_fhget(ss_mnt->mnt_root->d_inode->i_sb, src_fh, &fattr,
> 342                        NULL);
>
>    7. Condition IS_ERR(r_ino), taking true branch.
> 343        if (IS_ERR(r_ino)) {
> 344                res = ERR_CAST(r_ino);
>
>    8. Jumping to label out.
> 345                goto out;
> 346        }
> 347
> 348        filep = alloc_file_pseudo(r_ino, ss_mnt, read_name, FMODE_READ,
> 349                                     r_ino->i_fop);
> 350        if (IS_ERR(filep)) {
> 351                res = ERR_CAST(filep);
> 352                goto out;
> 353        }
> 354        filep->f_mode |= FMODE_READ;
> 355
> 356        ctx = alloc_nfs_open_context(filep->f_path.dentry, filep->f_mode,
> 357                                        filep);
> 358        if (IS_ERR(ctx)) {
> 359                res = ERR_CAST(ctx);
> 360                goto out_filep;
> 361        }
> 362
> 363        res = ERR_PTR(-EINVAL);
> 364        sp = nfs4_get_state_owner(server, ctx->cred, GFP_KERNEL);
> 365        if (sp == NULL)
> 366                goto out_ctx;
> 367
> 368        ctx->state = nfs4_get_open_state(r_ino, sp);
> 369        if (ctx->state == NULL)
> 370                goto out_stateowner;
> 371
> 372        set_bit(NFS_SRV_SSC_COPY_STATE, &ctx->state->flags);
> 373        set_bit(NFS_OPEN_STATE, &ctx->state->flags);
> 374        memcpy(&ctx->state->open_stateid.other, &stateid->other,
> 375               NFS4_STATEID_OTHER_SIZE);
> 376        update_open_stateid(ctx->state, stateid, NULL, filep->f_mode);
> 377
> 378        nfs_file_set_open_context(filep, ctx);
> 379        put_nfs_open_context(ctx);
> 380
> 381        file_ra_state_init(&filep->f_ra, filep->f_mapping->host->i_mapping);
> 382        res = filep;
> 383 out:
>
> CID 91575 (#1-2 of 2): Resource leak (RESOURCE_LEAK)
>
>    9. leaked_storage: Variable read_name going out of scope leaks the
> storage it points to.
>
> 384        return res;
>
>
> Looks like there are several return paths to out: that leak the
> allocation of read_name.

Thanks will fix.
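
The leak pattern reported above, modelled in user space as an added example (not code from this thread or from the kernel): a fault-injection loop drives every exit path and counts the ones that leave the name buffer allocated. `xalloc`, `xfree`, `open_leaky`, `open_fixed`, `leaking_paths` and the `fail_at` steps are hypothetical, and the model assumes later steps only borrow the name, so the caller still owns it at every exit.

```c
#include <stdio.h>
#include <stdlib.h>
static int live;                        /* allocations not yet freed */
/* Counting allocator for the model; aborts on OOM to keep the paths simple. */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (!p) abort(); live++; return p; }
static void xfree(void *p) { if (p) { live--; free(p); } }

/* Shape of the quoted function: failures after the allocation jump to a bare
 * "out:". fail_at 1..3 = a later step fails (hypothetical), 0 = success. */
static int open_leaky(int fail_at)
{
    int res = -1;
    char *name = xalloc(32);

    snprintf(name, 32, "ssc_read_%d", 0);   /* constructed name */
    if (fail_at != 0)
        goto out;                           /* name is still allocated here */
    res = 0;
out:
    return res;                             /* nothing frees name */
}

/* Same flow, but the single exit label releases the buffer on every path. */
static int open_fixed(int fail_at)
{
    int res = -1;
    char *name = xalloc(32);

    snprintf(name, 32, "ssc_read_%d", 0);
    if (fail_at != 0)
        goto out;
    res = 0;
out:
    xfree(name);
    return res;
}

/* Fault injection: drive each exit path, count those leaving memory live. */
static int leaking_paths(int (*fn)(int))
{
    int n = 0;
    for (int f = 0; f <= 3; f++) {
        live = 0;
        fn(f);
        n += (live != 0);
    }
    return n;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", leaking_paths(open_leaky), leaking_paths(open_fixed));
    return 0;
}
```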