Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4150563ybl; Tue, 21 Jan 2020 13:57:04 -0800 (PST) X-Google-Smtp-Source: APXvYqxnobKE2XGOjoVcR2OrHkAP/5ykNOShXXPe8bhnazUT6MFeP91wI+B6MzkAbeZbKp0V5Auf X-Received: by 2002:a05:6830:2110:: with SMTP id i16mr4948215otc.337.1579643824715; Tue, 21 Jan 2020 13:57:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579643824; cv=none; d=google.com; s=arc-20160816; b=Mu4vbXnlu3eMSCLbSkWQ7a4KPCOZximDYKobw2+FxE7JRp4Ocz24M5IrtWefff8YAB 35D3C/xdEvQB9nPRQ0WntkY+EKMWJ9e9GjqG+lmieveWswsvhQaUEr4EsgQSdkpHlm2D dmQozrVBi1+qG1qW/2bfDyhQ5DMas7vQSXaUMc1IkbvA/FuAVxTm5EXnWTcwEaTPfskg QTeGqQSNCTwcGEW83yV6u4NoRUu0FCMMjSjpB4Kelzk2+v3n4YMfMkSelzODuAQHZmKn v+BZvGzSaZ1OJD18M23dhVTURmIuvNvwc0ASxjSIMOCzPJ0FErDlV1IacPQzw+eADAcx 7NIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Lxp4dj0ZUXUCX2OuXjDqEQzdRovkPjxeBfITEqqx0Ts=; b=PfaSdetbexjoo3Wz2oKlAceIwiDRBUdiWwslog3EaI8U6e3XtdKkQbKl9v0Lumzm1L JAWLuRcWKCdyUvOaTIeX2UB0PtKs5ecQ6kKSHbi2fHrIAQzXYEeoR5xjsilnqvgzXumT CXtkQ/ZbDvZ1Rc+icwEjSMgktGxZoBgo/uAwltUsu6FxVlyx+USAKn8Jo6esomCoB7jV 6BWfi6ZOdGSzaesH3E64z7vqmQlp8TU6/G11fAwE7oBQ/nRLJ/4OVnt/qBwsmpY1UQbr JLGIHKtDQQTTSzPXc8olqVtOm32Q89UlUPVeQ/gZItnCC0DTPfn9sZAk6ggBQmqNIzc4 WU7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@umich.edu header.s=google-2016-06-03 header.b=gxjkQH4i; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umich.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v25si20941572ote.90.2020.01.21.13.56.44; Tue, 21 Jan 2020 13:57:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@umich.edu header.s=google-2016-06-03 header.b=gxjkQH4i; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umich.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728904AbgAUV4n (ORCPT + 99 others); Tue, 21 Jan 2020 16:56:43 -0500 Received: from mail-ua1-f68.google.com ([209.85.222.68]:41687 "EHLO mail-ua1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728799AbgAUV4n (ORCPT ); Tue, 21 Jan 2020 16:56:43 -0500 Received: by mail-ua1-f68.google.com with SMTP id f7so1641090uaa.8; Tue, 21 Jan 2020 13:56:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Lxp4dj0ZUXUCX2OuXjDqEQzdRovkPjxeBfITEqqx0Ts=; b=gxjkQH4iyLeK/ARyfGDTzPnwWrrl48J9AQBQSJMYqxohjRnpa9zGcCQEMVH8WLpg+V DpnvyDCRQftxWNXQucuFQViwXfdyfJtx3hBJO1BdFFOszu+pRrgE9kEBa9Cf0XIxWRiN 5LJROjubPmwRKLY1PwmpICBQ5ao0ZH/pZlSSBGPv1AsH4pIu2/F2mAaJIrlDEk9q7763 wQbC6E3Wysoq+VbttMdvj0H+Gb2JXx2vyd8MlB6mVLt0Eeik+/iWL0Q9/dHs5tg1T2GR DcUa3bLYGOJEErqfJtAqlCNaZP568wGQdPNg98+q+L8Qg5zDsLhxYrnLLSYHI5Axrphz tcjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Lxp4dj0ZUXUCX2OuXjDqEQzdRovkPjxeBfITEqqx0Ts=; b=UsQOTlD1bwTz2EhLFezCA4ywg0Ip+vbrCktntx49rl+++jyx4g37DzOR5lDSDXhQqr MhqI8J1ncx/g5T1gpte04ARcKK3mEeAEoERhbsv3r4l0Vopc9m3jWwF6gaVuHUsRvxA5 +x5EPirJIQqRGWUzPjokIvAl48n5U3KXKqSn/SDTmq6sGmrE/dti+VPVGCG2zoOtLSHk GzrxnrEUjXLfszZzcOf7B8Oapd3EvRkAP0IQA97AL4NhLrrWQ9vziWg+1g4Mhs1hvXiA lV51wx26gKQ6VLsrOMFMagPHO8RPOFlsdBPMNg9YoIAobNRTi9fDORMQ5ZI5dDahx0r4 3J5Q== X-Gm-Message-State: APjAAAX1PctvnCLUIhawqUU5XHwCsIOe7oBeNf/deFKKFeKwR2pnYaMM w0zr+nUN8DZgnNrsMt8R2TtGAHaezJa/e1vnwbY= X-Received: by 2002:ab0:710c:: with SMTP id x12mr4270380uan.81.1579643802212; Tue, 21 Jan 2020 13:56:42 -0800 (PST) MIME-Version: 1.0 References: <20200113132307.frp6ur5zhzolu5ys@kili.mountain> In-Reply-To: <20200113132307.frp6ur5zhzolu5ys@kili.mountain> From: Olga Kornievskaia Date: Tue, 21 Jan 2020 16:56:31 -0500 Message-ID: Subject: Re: [PATCH] nfsd4: fix double free in nfsd4_do_async_copy() To: Dan Carpenter , "J. Bruce Fields" Cc: Olga Kornievskaia , Chuck Lever , linux-nfs , kernel-janitors@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Mon, Jan 13, 2020 at 8:24 AM Dan Carpenter wrote: > > This frees "copy->nf_src" before and again after the goto. > > Fixes: ce0887ac96d3 ("NFSD add nfs4 inter ssc to nfsd4_copy") > Signed-off-by: Dan Carpenter > --- > fs/nfsd/nfs4proc.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c > index 1e14b3ed5674..c90c24c35b2e 100644 > --- a/fs/nfsd/nfs4proc.c > +++ b/fs/nfsd/nfs4proc.c > @@ -1469,7 +1469,6 @@ static int nfsd4_do_async_copy(void *data) > copy->nf_src->nf_file = nfs42_ssc_open(copy->ss_mnt, ©->c_fh, > ©->stateid); > if (IS_ERR(copy->nf_src->nf_file)) { > - kfree(copy->nf_src); > copy->nfserr = nfserr_offload_denied; > nfsd4_interssc_disconnect(copy->ss_mnt); > goto do_callback; > -- > 2.11.0 > Reviewed-by: Olga Kornievskaia Bruce, can you add this to your nfsd-next?