lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140207154523.GB30718@localhost.localdomain>
Date:	Fri, 7 Feb 2014 13:45:24 -0200
From:	Rafael Aquini <aquini@...hat.com>
To:	Jeff Layton <jlayton@...hat.com>
Cc:	linux-kernel@...r.kernel.org, trond.myklebust@...marydata.com,
	jstancek@...hat.com, mgorman@...e.de, riel@...hat.com,
	linux-nfs@...r.kernel.org, akpm@...ux-foundation.org,
	linux-mm@...ck.org
Subject: Re: [PATCH] mm: fix page leak at nfs_symlink()

On Fri, Feb 07, 2014 at 10:39:24AM -0500, Jeff Layton wrote:
> On Fri,  7 Feb 2014 13:19:54 -0200
> Rafael Aquini <aquini@...hat.com> wrote:
> 
> > Changes committed by "a0b8cab3 mm: remove lru parameter from
> > __pagevec_lru_add and remove parts of pagevec API" have introduced
> > a call to add_to_page_cache_lru() which causes a leak in nfs_symlink() 
> > as now the page gets an extra refcount that is not dropped.
> > 
> > Jan Stancek observed and reported the leak effect while running test8 from
> > Connectathon Testsuite. After several iterations over the test case,
> > which creates several symlinks on a NFS mountpoint, the test system was
> > quickly getting into an out-of-memory scenario.
> > 
> > This patch fixes the page leak by dropping that extra refcount 
> > add_to_page_cache_lru() is grabbing. 
> > 
> > Signed-off-by: Jan Stancek <jstancek@...hat.com>
> > Signed-off-by: Rafael Aquini <aquini@...hat.com>
> > ---
> >  fs/nfs/dir.c | 5 +++++
> >  1 file changed, 5 insertions(+)
> > 
> > diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
> > index be38b57..4a48fe4 100644
> > --- a/fs/nfs/dir.c
> > +++ b/fs/nfs/dir.c
> > @@ -1846,6 +1846,11 @@ int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
> >  							GFP_KERNEL)) {
> >  		SetPageUptodate(page);
> >  		unlock_page(page);
> > +		/*
> > +		 * add_to_page_cache_lru() grabs an extra page refcount.
> > +		 * Drop it here to avoid leaking this page later.
> > +		 */
> > +		page_cache_release(page);
> >  	} else
> >  		__free_page(page);
> >  
> 
> Looks reasonable as an interim fix and should almost certainly go to
> stable.
> 
> Longer term, I think it would be best from an API standpoint to fix
> add_to_page_cache_lru not to take this extra reference (or to have it
> drop it itself) and fix up the callers accordingly. That seems like a
> trap for the unwary...
>

100% agreed. I'll look into the long term approach you suggested, but as
you mentioned, the interim fix is the reasonable thing to go with now, for
mainline and stable.

Thanks for looking into it Jeff.

-- Rafael 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ