| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 07 Sep 2022 06:08:25 -0400
From: Jeff Layton <jlayton@...nel.org>
To: Jianglei Nie <niejianglei2021@....com>, chuck.lever@...cle.com,
trond.myklebust@...merspace.com, anna@...nel.org,
davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com
Cc: linux-nfs@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] SUNRPC: Fix potential memory leak in
xs_udp_send_request()
On Wed, 2022-09-07 at 15:13 +0800, Jianglei Nie wrote:
> xs_udp_send_request() allocates a memory chunk for xdr->bvec with
> xdr_alloc_bvec(). When xprt_sock_sendmsg() finishs, xdr->bvec is not
> released, which will lead to a memory leak.
>
> we should release the xdr->bvec with xdr_free_bvec() after
> xprt_sock_sendmsg() like bc_sendto() does.
>
> Signed-off-by: Jianglei Nie <niejianglei2021@....com>
> ---
> net/sunrpc/xprtsock.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> index e976007f4fd0..298182a3c168 100644
> --- a/net/sunrpc/xprtsock.c
> +++ b/net/sunrpc/xprtsock.c
> @@ -958,6 +958,7 @@ static int xs_udp_send_request(struct rpc_rqst *req)
> return status;
> req->rq_xtime = ktime_get();
> status = xprt_sock_sendmsg(transport->sock, &msg, xdr, 0, 0, &sent);
> + xdr_free_bvec(xdr);
>
> dprintk("RPC: xs_udp_send_request(%u) = %d\n",
> xdr->len, status);
I think you're probably correct here.
I was thinking we might have a similar bug in svc_tcp_sendmsg, but it
looks like that one gets freed in svc_tcp_sendto.
Reviewed-by: Jeff Layton <jlayton@...nel.org>
Powered by blists - more mailing lists