lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 7 Feb 2014 10:39:24 -0500
From:	Jeff Layton <jlayton@...hat.com>
To:	Rafael Aquini <aquini@...hat.com>
Cc:	linux-kernel@...r.kernel.org, trond.myklebust@...marydata.com,
	jstancek@...hat.com, mgorman@...e.de, riel@...hat.com,
	linux-nfs@...r.kernel.org, akpm@...ux-foundation.org,
	linux-mm@...ck.org
Subject: Re: [PATCH] mm: fix page leak at nfs_symlink()

On Fri,  7 Feb 2014 13:19:54 -0200
Rafael Aquini <aquini@...hat.com> wrote:

> Changes committed by "a0b8cab3 mm: remove lru parameter from
> __pagevec_lru_add and remove parts of pagevec API" have introduced
> a call to add_to_page_cache_lru() which causes a leak in nfs_symlink() 
> as now the page gets an extra refcount that is not dropped.
> 
> Jan Stancek observed and reported the leak effect while running test8 from
> Connectathon Testsuite. After several iterations over the test case,
> which creates several symlinks on a NFS mountpoint, the test system was
> quickly getting into an out-of-memory scenario.
> 
> This patch fixes the page leak by dropping that extra refcount 
> add_to_page_cache_lru() is grabbing. 
> 
> Signed-off-by: Jan Stancek <jstancek@...hat.com>
> Signed-off-by: Rafael Aquini <aquini@...hat.com>
> ---
>  fs/nfs/dir.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
> index be38b57..4a48fe4 100644
> --- a/fs/nfs/dir.c
> +++ b/fs/nfs/dir.c
> @@ -1846,6 +1846,11 @@ int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
>  							GFP_KERNEL)) {
>  		SetPageUptodate(page);
>  		unlock_page(page);
> +		/*
> +		 * add_to_page_cache_lru() grabs an extra page refcount.
> +		 * Drop it here to avoid leaking this page later.
> +		 */
> +		page_cache_release(page);
>  	} else
>  		__free_page(page);
>  

Looks reasonable as an interim fix and should almost certainly go to
stable.

Longer term, I think it would be best from an API standpoint to fix
add_to_page_cache_lru not to take this extra reference (or to have it
drop it itself) and fix up the callers accordingly. That seems like a
trap for the unwary...

-- 
Jeff Layton <jlayton@...hat.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ