Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp3452490pxb; Mon, 1 Mar 2021 10:19:08 -0800 (PST) X-Google-Smtp-Source: ABdhPJyXazmVfnj8dJQGbIh/pPRS6ydcFMETLFIQYjUAAGJYArIVV+08v1+neUrp7XkBoNhaxkFf X-Received: by 2002:a50:ed83:: with SMTP id h3mr5569058edr.140.1614622748611; Mon, 01 Mar 2021 10:19:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614622748; cv=none; d=google.com; s=arc-20160816; b=osnBbJLbGDZv8eOTy/5aqxzbpy04yVa4NUHlovkUiViHWxTUveXs8RoDKAuLVS9H+o jehDlRuZ03lZt7Fnvn4jxmJ/+0/etGuCcmuWGxDFgdSyvOFk6zTUL6wdw7uR7VQHu9fs RwjzSHV4MHb1ISujvY3cDN7KgfKPXDcuvSpnYLtGxQU+zaUlGGRPfA1So/01SO6tpnPS o2LI12y46QhRgwDGfiD4oRvwMHN6Vnls/0lznfsBGwOYeUUXvf0HoMDtxtE4iA0V36Cz Q55759+PhbP1PIakea68vUOvYJijcNW9nrrAl/y4GIH3L+keX46zJXmdfnzvgFwqjwzY 6EAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature:dkim-filter; bh=rjCqC5B/e/3K7IJVmbYnA4z8n9Vw0Lr5RM/YaB743ZM=; b=v93RmviK4wN/9blpLAp+pcDdllCB4LPuAzz4AxxqqiZlbz/G6WgJWcLeZIGRQ1rxkF Jn28mfxiZO9ziwpWqe8OYtu9bzx8Xy5JA5Bzn3jGv7Bwyfu0rsa9znhcJ2aobHGwscLO dmBbAybVGHlLHgn5ACPZI1266V4f1Ck0JPFLdzyt0pmdmhRT134tvi239RUibYm3YBCS cRV0vBYzVOPuOmlrdHJ7Zbg0tWk5llLtb9lDvDmp0f97QZe1iNS4ASz3QHudX2JrwZdo f9vYe0AhW8Q7vEjkcxPsJuXRWnkgNiFwPbDkod1WCe12t+u2PcJi/4PRCB0AxcX9jM0t 31Tg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fieldses.org header.s=default header.b=NDn6u2cu; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v4si12857216edj.37.2021.03.01.10.18.36; Mon, 01 Mar 2021 10:19:08 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@fieldses.org header.s=default header.b=NDn6u2cu; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239412AbhCASR2 (ORCPT + 99 others); Mon, 1 Mar 2021 13:17:28 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59690 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239424AbhCASPp (ORCPT ); Mon, 1 Mar 2021 13:15:45 -0500 Received: from fieldses.org (fieldses.org [IPv6:2600:3c00:e000:2f7::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A703C061788 for ; Mon, 1 Mar 2021 10:15:03 -0800 (PST) Received: by fieldses.org (Postfix, from userid 2815) id 6D34635DC; Mon, 1 Mar 2021 13:15:01 -0500 (EST) DKIM-Filter: OpenDKIM Filter v2.11.0 fieldses.org 6D34635DC DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fieldses.org; s=default; t=1614622501; bh=rjCqC5B/e/3K7IJVmbYnA4z8n9Vw0Lr5RM/YaB743ZM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=NDn6u2cuKFw2ksMMVn7KYLfDBUy50MwLYHhYeAnNGSIj9DjxqUMb9+oo/2pw3HJv8 vEuu5fKgkoM++uuag/ZS4b3BdKYVNSVUZbl5XLQ9qKIBuSNmnZbrjgAiEH3gDGRWV3 wrlD4VPR3xz3yc6XPSxnb1OK9Gov8NAVJoFlGu6Y= Date: Mon, 1 Mar 2021 13:15:01 -0500 From: Bruce Fields To: Chuck Lever Cc: Daniel Kobras , Linux NFS Mailing List Subject: Re: [PATCH] sunrpc: fix refcount leak for rpc auth modules Message-ID: <20210301181501.GC11772@fieldses.org> References: <20210226230437.jfgagcq5magzlrtv@tuedko18.puzzle-itc.de> <20210301162820.GB11772@fieldses.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Mon, Mar 01, 2021 at 05:44:02PM +0000, Chuck Lever wrote: > > So, the effect of this is to call svc_authorise more often. I think > > that's always safe, because svc_authorise is a no-op unless rq_authops > > is set, it clears rq_authops itself, and rq_authops being set is a > > guarantee that ->accept() already ran. > > > > It's harder to know if this solves the problem, as I see a lot of other > > mentions of THIS_MODULE in svcauth_gss.c. > > Perhaps a deeper audit is necessary. > > A small code change to inject SVC_CLOSE returns at random would enable > a more dynamic analysis. That might be interesting. I don't think tihs patch necessarily has to wait for that. > > Possibly orthogonal to this problem, but: svcauth_gss_release > > unconditionally dereferences rqstp->rq_auth_data. Isn't that a NULL > > dereference if the kmalloc at the start of svcauth_gss_accept() fails? > > > > Finally, should we care about module reference leaks? > > I would prefer that module reference counting work as expected. When it > doesn't that tends to lead to people (say, me) hunting for bugs that > might actually be serious. > > > > Does anyone really *need* to unload modules? > > Anyone who wants to replace the module with a newer build that fixes a > bug. It avoids a full reboot, and for some that's important. Fair enough. --b.