Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp555207pxf; Thu, 8 Apr 2021 08:25:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyAqtIdECxEqgwLqRjB/dfotPTnWxBKQMEw3gXljAYnUYDQH+brI8ntVCj6xen2hj95s1v0 X-Received: by 2002:a50:d1d5:: with SMTP id i21mr12068490edg.15.1617895542036; Thu, 08 Apr 2021 08:25:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617895542; cv=none; d=google.com; s=arc-20160816; b=r5XUU/XkH+EMci3opNNbKc01rjdPLmzrIl935awQk62pYEQ5tJ+wgs6hU1/EEgdeX1 H0sfkGTztKEe6k3o+N0m7WHH4/DadTNwlWDZRai3Tk455WmtW8Rf6Eyll6hrS5oH9I89 4/9xG+bcFk+0RG7P+KfODFMVtvDWOBL4Z1DhOVE5x6uCtokkay2Uz217nuBlE06CMjpC IHkM3iLMnf3LjZXvB6N6wK5NgMW35V7altpG34Q5TaQA2ap4wn7Y4CDziFvO52w7uKCs u5WzEXB1ggYLnZqqCuiHynJzjgXz2w4QO/iecRTX+gT7yKAlGrnf88JkOiLQrCdPvbyu Ctow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=2DctV2bRWf9bByNN4jO+KZZov1aPn00QO4Vdegx2Cow=; b=T6Mf9o6aH+JNzc0OXydIU+NOaoAimYTM6IB8+JkJX2q2voqHHZ09fmRZTbF/yFHPX3 7jZGGAKwPi42VqMfaK6vssqcIlk+TRqwjA8SHoHTT24HMA8kGfGjjpj7WDuYvYdGUHCa Soh638wEJMAbbZBAFRDavAyifCRH+p583ImvhpVRuJw4CNJK+d3orio0VX3PPoMuBApI 4aQ8I0Olps5Yy6QFEhZTgo/mXjoMY8Ih41Fu6jrdAq1IbgBHmjXSI0f0qRmHF8w7xiGw evwzMkB4gwcim4u+cxr1wQnULF3040ENBVSyWeMiWpqdzwKaHLqVCrWz7OVHYjKDKl3p pzIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@umich.edu header.s=google-2016-06-03 header.b="WX/inlae"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umich.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p12si14336757eji.19.2021.04.08.08.25.12; Thu, 08 Apr 2021 08:25:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@umich.edu header.s=google-2016-06-03 header.b="WX/inlae"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umich.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231995AbhDHPZN (ORCPT + 99 others); Thu, 8 Apr 2021 11:25:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36188 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232220AbhDHPZK (ORCPT ); Thu, 8 Apr 2021 11:25:10 -0400 Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 97920C061763; Thu, 8 Apr 2021 08:24:58 -0700 (PDT) Received: by mail-ej1-x634.google.com with SMTP id a7so3756051eju.1; Thu, 08 Apr 2021 08:24:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2DctV2bRWf9bByNN4jO+KZZov1aPn00QO4Vdegx2Cow=; b=WX/inlaeeRIbsG86uDWLNx7q9abVElPQlit8MiD/qADEh+BkApQz6ZTJFohiy78033 h2rm8PaFTYBZr60Er0hM6LkGcCOTobwmLaZaQp96KarlKd4mBvwomsSSLeRozAvzZwy6 INi/JbdycJcG3kjZ7cNA99vdxVe9z3Jfk4go68uQx5ujXaX81ZCmF0TqOANYvKip1kHp a4L5MqMnRQIJLQweJVwEw3SPMIvjuYwlP626MmsqqSeaW3oSDVYDq05UEmWGz77BC1aZ o/iBbvM8u89iteW2KMJAdo+Poa//SkEzFA3BaHmafDBE7PqVTY1gl8xdv/tPRWzi6S5Y 9Kjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2DctV2bRWf9bByNN4jO+KZZov1aPn00QO4Vdegx2Cow=; b=tddlTZdgakqIv4wy7B+TQ5drUb59f65pdxbZjf+VuE4MLMExclvsAWAZxyHvzNJr7w 6zD3uHpyZnGcwvFdQsxCZgV2eOxjI7wAl0tW+PIANGz3JuPiE5C16zdY6OaAmpzvTvGf kuSj42ellAY637Sc4LRxg/270RRPvlbu0nHOB8wm6SRpWlJEl/9EL6ziSh0zEjbbccgZ B7PRRu+HCXF7n+dW75HYW85wNImWCxLHawW0R6zt7/kCBRLFzoM5n2vlEj/qTbPsVab+ ZPy8IutpibOk/HNBm83bRjBq82H2QbsrukUeI+Gac50VNNcM8NEVths1E/TOyL0ZvxFp 6DnQ== X-Gm-Message-State: AOAM532UJGN/cF0IUWoAKLkI4fEKKMw245qKduz68mh339gCN09ZZxQn 7icT7sUIyEH9YHzkSw2MQTPOlkKZUlO5+Ku1R9o= X-Received: by 2002:a17:906:7194:: with SMTP id h20mr10309618ejk.432.1617895497312; Thu, 08 Apr 2021 08:24:57 -0700 (PDT) MIME-Version: 1.0 References: <20210407001658.2208535-1-pakki001@umn.edu> In-Reply-To: From: Olga Kornievskaia Date: Thu, 8 Apr 2021 11:24:45 -0400 Message-ID: Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg To: Trond Myklebust Cc: "pakki001@umn.edu" , "davem@davemloft.net" , "chuck.lever@oracle.com" , "dwysocha@redhat.com" , "linux-kernel@vger.kernel.org" , "netdev@vger.kernel.org" , "kuba@kernel.org" , "bfields@fieldses.org" , "linux-nfs@vger.kernel.org" , "anna.schumaker@netapp.com" Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Thu, Apr 8, 2021 at 11:01 AM Trond Myklebust wrote: > > On Tue, 2021-04-06 at 19:16 -0500, Aditya Pakki wrote: > > In gss_pipe_destroy_msg(), in case of error in msg, gss_release_msg > > deletes gss_msg. The patch adds a check to avoid a potential double > > free. > > > > Signed-off-by: Aditya Pakki > > --- > > net/sunrpc/auth_gss/auth_gss.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/net/sunrpc/auth_gss/auth_gss.c > > b/net/sunrpc/auth_gss/auth_gss.c > > index 5f42aa5fc612..eb52eebb3923 100644 > > --- a/net/sunrpc/auth_gss/auth_gss.c > > +++ b/net/sunrpc/auth_gss/auth_gss.c > > @@ -848,7 +848,8 @@ gss_pipe_destroy_msg(struct rpc_pipe_msg *msg) > > warn_gssd(); > > gss_release_msg(gss_msg); > > } > > - gss_release_msg(gss_msg); > > + if (gss_msg) > > + gss_release_msg(gss_msg); > > } > > > > static void gss_pipe_dentry_destroy(struct dentry *dir, > > > NACK. There's no double free there. I disagree that there is no double free, the wording of the commit describes the problem in the error case is that we call gss_release_msg() and then we call it again but the 1st one released the gss_msg. However, I think the fix should probably be instead: diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index 5f42aa5fc612..e8aae617e981 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c @@ -846,7 +846,7 @@ gss_pipe_destroy_msg(struct rpc_pipe_msg *msg) gss_unhash_msg(gss_msg); if (msg->errno == -ETIMEDOUT) warn_gssd(); - gss_release_msg(gss_msg); + return gss_release_msg(gss_msg); } gss_release_msg(gss_msg); } > > -- > Trond Myklebust > Linux NFS client maintainer, Hammerspace > trond.myklebust@hammerspace.com > >