From: "NeilBrown"
To: "Fedor Pchelkin"
Cc: "Aleksandr Burakov", "Chuck Lever", "Jeff Layton", linux-nfs@vger.kernel.org, "Dai Ngo", linux-kernel@vger.kernel.org, "Tom Talpey", "Olga Kornievskaia", lvc-project@linuxtesting.org
Subject: Re: [lvc-project] [PATCH] nfsd: fix memory leak in __cld_pipe_inprogress_downcall()
References: <20240216134541.31577-1-a.burakov@rosalinux.ru>
Date: Mon, 19 Feb 2024 09:17:18 +1100
Message-id: <170829463835.1530.4794427167476868043@noble.neil.brown.name>

On Mon, 19 Feb 2024, Fedor Pchelkin wrote:
> Hello Aleksandr,
>
> On 24/02/16 04:45PM, Aleksandr Burakov wrote:
> > Dynamic memory, referenced by 'princhash.data' and 'name.data',
> > is allocated by calling function 'memdup_user' and lost
> > at __cld_pipe_inprogress_downcall() function return
>
> It is not actually lost. If nfs4_client_to_reclaim() fails and thus
> returns NULL - this error case is already properly handled.
>
> If nfs4_client_to_reclaim() succeeds then reference to the memory in
> question is passed to crp->cr_name.data and crp->cr_princhash.data
> correspondingly, and crp->cr_strhash entry is added to the list associated
> with nfsd_net. In this case the memory is supposed to be freed by
> nfs4_remove_reclaim_record().
> See comment for nfs4_client_to_reclaim().
>
> So I think the patch just introduces a double-free.

Agreed - this patch is incorrect.

Thanks,
NeilBrown

>
> >
> > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> >
> > Fixes: 11a60d159259 ("nfsd: add a "GetVersion" upcall for nfsdcld")
> > Signed-off-by: Aleksandr Burakov
> > ---
> > fs/nfsd/nfs4recover.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c > > index 2c060e0b1604..02663484782d 100644 > > --- a/fs/nfsd/nfs4recover.c > > +++ b/fs/nfsd/nfs4recover.c > > @@ -850,6 +850,8 @@ __cld_pipe_inprogress_downcall(const struct cld_msg_v= 2 __user *cmsg, > > kfree(princhash.data); > > return -EFAULT; > > } > > + kfree(name.data); > > + kfree(princhash.data); > > return nn->client_tracking_ops->msglen; > > } > > return -EFAULT;
> > --
> > 2.25.1
>
> --
> Fedor
>
>
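
Review bot: The two kfree() calls added just before `return nn->client_tracking_ops->msglen;` sit on the success path, where, as the replies in this thread explain, nfs4_client_to_reclaim() has already handed name.data and princhash.data to crp->cr_name.data and crp->cr_princhash.data, so freeing them here leaves the reclaim record holding dangling pointers and sets up a second free in nfs4_remove_reclaim_record(). The failure branch in the context lines above already calls kfree(princhash.data) before `return -EFAULT;`, which is the only place in this hunk where the caller still owns the buffers. Drop both added lines, and consider a short comment at this return stating that ownership has moved to the reclaim record, so the next static-analysis pass does not flag it again.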