Message-ID: <1499092406.79205.1.camel@primarydata.com>
Date:   Mon, 3 Jul 2017 14:33:29 +0000
From:   Trond Myklebust <trondmy@...marydata.com>
To:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
CC:     "kinglongmee@...il.com" <kinglongmee@...il.com>,
        "Anna.Schumaker@...app.com" <Anna.Schumaker@...app.com>,
        Trond Myklebust <trondmy@...marydata.com>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: [PATCH 3.18 14/36] NFSv4: fix a reference leak caused WARNING
 messages

Hi Greg,

On Mon, 2017-07-03 at 15:34 +0200, Greg Kroah-Hartman wrote:
> 3.18-stable review patch.  If anyone has any objections, please let
> me know.

I cannot find commit a974deee477af89411e0f80456bfb344ac433c98 in
v3.18.59, so I think we should probably drop this patch instance.
Thanks for applying it to the newer stable kernels!

Cheers
  Trond

> 
> ------------------
> 
> From: Kinglong Mee <kinglongmee@...il.com>
> 
> commit 366a1569bff3fe14abfdf9285e31e05e091745f5 upstream.
> 
> Because nfs4_opendata_access() has closed the state when access is
> denied, the state isn't leaked.
> Rather than revert the commit a974deee47, I'd like to clean the strange
> state close.
> 
> [ 1615.094218] ------------[ cut here ]------------
> [ 1615.094607] WARNING: CPU: 0 PID: 23702 at lib/list_debug.c:31
> __list_add_valid+0x8e/0xa0
> [ 1615.094913] list_add double add: new=ffff9d7901d9f608,
> prev=ffff9d7901d9f608, next=ffff9d7901ee8dd0.
> [ 1615.095458] Modules linked in: nfsv4(E) nfs(E) nfsd(E) tun bridge
> stp llc fuse ip_set nfnetlink vmw_vsock_vmci_transport vsock f2fs
> snd_seq_midi snd_seq_midi_event fscrypto coretemp ppdev
> crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_rapl_perf
> vmw_balloon snd_ens1371 joydev gameport snd_ac97_codec ac97_bus
> snd_seq snd_pcm snd_rawmidi snd_timer snd_seq_device snd soundcore
> nfit parport_pc parport acpi_cpufreq tpm_tis tpm_tis_core tpm
> i2c_piix4 vmw_vmci shpchp auth_rpcgss nfs_acl lockd(E) grace
> sunrpc(E) xfs libcrc32c vmwgfx drm_kms_helper ttm drm crc32c_intel
> mptspi e1000 serio_raw scsi_transport_spi mptscsih mptbase
> ata_generic pata_acpi fjes [last unloaded: nfs]
> [ 1615.097663] CPU: 0 PID: 23702 Comm: fstest Tainted:
> G        W   E   4.11.0-rc1+ #517
> [ 1615.098015] Hardware name: VMware, Inc. VMware Virtual
> Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
> [ 1615.098807] Call Trace:
> [ 1615.099183]  dump_stack+0x63/0x86
> [ 1615.099578]  __warn+0xcb/0xf0
> [ 1615.099967]  warn_slowpath_fmt+0x5f/0x80
> [ 1615.100370]  __list_add_valid+0x8e/0xa0
> [ 1615.100760]  nfs4_put_state_owner+0x75/0xc0 [nfsv4]
> [ 1615.101136]  __nfs4_close+0x109/0x140 [nfsv4]
> [ 1615.101524]  nfs4_close_state+0x15/0x20 [nfsv4]
> [ 1615.101949]  nfs4_close_context+0x21/0x30 [nfsv4]
> [ 1615.102691]  __put_nfs_open_context+0xb8/0x110 [nfs]
> [ 1615.103155]  put_nfs_open_context+0x10/0x20 [nfs]
> [ 1615.103586]  nfs4_file_open+0x13b/0x260 [nfsv4]
> [ 1615.103978]  do_dentry_open+0x20a/0x2f0
> [ 1615.104369]  ? nfs4_copy_file_range+0x30/0x30 [nfsv4]
> [ 1615.104739]  vfs_open+0x4c/0x70
> [ 1615.105106]  ? may_open+0x5a/0x100
> [ 1615.105469]  path_openat+0x623/0x1420
> [ 1615.105823]  do_filp_open+0x91/0x100
> [ 1615.106174]  ? __alloc_fd+0x3f/0x170
> [ 1615.106568]  do_sys_open+0x130/0x220
> [ 1615.106920]  ? __put_cred+0x3d/0x50
> [ 1615.107256]  SyS_open+0x1e/0x20
> [ 1615.107588]  entry_SYSCALL_64_fastpath+0x1a/0xa9
> [ 1615.107922] RIP: 0033:0x7fab599069b0
> [ 1615.108247] RSP: 002b:00007ffcf0600d78 EFLAGS: 00000246 ORIG_RAX:
> 0000000000000002
> [ 1615.108575] RAX: ffffffffffffffda RBX: 00007fab59bcfae0 RCX:
> 00007fab599069b0
> [ 1615.108896] RDX: 0000000000000200 RSI: 0000000000000200 RDI:
> 00007ffcf060255e
> [ 1615.109211] RBP: 0000000000040010 R08: 0000000000000000 R09:
> 0000000000000016
> [ 1615.109515] R10: 00000000000006a1 R11: 0000000000000246 R12:
> 0000000000041000
> [ 1615.109806] R13: 0000000000040010 R14: 0000000000001000 R15:
> 0000000000002710
> [ 1615.110152] ---[ end trace 96ed63b1306bf2f3 ]---
> 
> Fixes: a974deee47 ("NFSv4: Fix memory and state leak in...")
> Signed-off-by: Kinglong Mee <kinglongmee@...il.com>
> Signed-off-by: Anna Schumaker <Anna.Schumaker@...app.com>
> Cc: Trond Myklebust <trond.myklebust@...marydata.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> 
> ---
>  fs/nfs/nfs4proc.c |    2 --
>  1 file changed, 2 deletions(-)
> 
> --- a/fs/nfs/nfs4proc.c
> +++ b/fs/nfs/nfs4proc.c
> @@ -1995,8 +1995,6 @@ static int nfs4_opendata_access(struct r
>  	if ((mask & ~cache.mask & (MAY_READ | MAY_EXEC)) == 0)
>  		return 0;
>  
> -	/* even though OPEN succeeded, access is denied. Close the
> file */
> -	nfs4_close_state(state, fmode);
>  	return -EACCES;
>  }
>  
> 
> 
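Review bot: dropping nfs4_close_state(state, fmode) ahead of return -EACCES in nfs4_opendata_access() is only correct in a tree that already carries a974deee47, the commit named in the Fixes: tag, because the double close it removes comes from that change. A backport should confirm that prerequisite is present in the target branch first; without it, this hunk would remove the only close visible on the access-denied path. It would also help to leave a one-line comment at the return stating that the caller is responsible for releasing the open state on -EACCES, since the removed comment was the only documentation of who closes it.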
-- 
Trond Myklebust
Linux NFS client maintainer, PrimaryData
trond.myklebust@...marydata.com
