linux-kernel - Re: [PATCH] SUNRPC: Fix potential memory leak in xs_udp_send

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date:   Wed, 7 Sep 2022 13:30:30 +0000
From:   Trond Myklebust <trondmy@...merspace.com>
To:     "niejianglei2021@....com" <niejianglei2021@....com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "chuck.lever@...cle.com" <chuck.lever@...cle.com>,
        "anna@...nel.org" <anna@...nel.org>,
        "pabeni@...hat.com" <pabeni@...hat.com>,
        "jlayton@...nel.org" <jlayton@...nel.org>,
        "edumazet@...gle.com" <edumazet@...gle.com>,
        "kuba@...nel.org" <kuba@...nel.org>
CC:     "linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] SUNRPC: Fix potential memory leak in
 xs_udp_send_request()

On Wed, 2022-09-07 at 06:08 -0400, Jeff Layton wrote:
> On Wed, 2022-09-07 at 15:13 +0800, Jianglei Nie wrote:
> > xs_udp_send_request() allocates a memory chunk for xdr->bvec with
> > xdr_alloc_bvec(). When xprt_sock_sendmsg() finishs, xdr->bvec is
> > not
> > released, which will lead to a memory leak.
> > 
> > we should release the xdr->bvec with xdr_free_bvec() after
> > xprt_sock_sendmsg() like bc_sendto() does.
> > 
> > Signed-off-by: Jianglei Nie <niejianglei2021@....com>
> > ---
> >  net/sunrpc/xprtsock.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> > index e976007f4fd0..298182a3c168 100644
> > --- a/net/sunrpc/xprtsock.c
> > +++ b/net/sunrpc/xprtsock.c
> > @@ -958,6 +958,7 @@ static int xs_udp_send_request(struct rpc_rqst
> > *req)
> >                 return status;
> >         req->rq_xtime = ktime_get();
> >         status = xprt_sock_sendmsg(transport->sock, &msg, xdr, 0,
> > 0, &sent);
> > +       xdr_free_bvec(xdr);
> >  
> >         dprintk("RPC:       xs_udp_send_request(%u) = %d\n",
> >                         xdr->len, status);
> 
> I think you're probably correct here.
> 
> I was thinking we might have a similar bug in svc_tcp_sendmsg, but it
> looks like that one gets freed in svc_tcp_sendto.
> 
> Reviewed-by: Jeff Layton <jlayton@...nel.org>

No, this patch is unnecessary and won't be applied. We already do this
for all transports in xprt_request_dequeue_transmit().

-- 
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@...merspace.com