From: "Namjae Jeon" <namjae.jeon@samsung.com>
To: "'Dan Carpenter'" <dan.carpenter@oracle.com>
Cc: "'Sergey Senozhatsky'" <sergey.senozhatsky@gmail.com>,
"'Steve French'" <sfrench@samba.org>,
"'Hyunchul Lee'" <hyc.lee@gmail.com>,
"'Ronnie Sahlberg'" <lsahlber@redhat.com>,
<linux-cifs@vger.kernel.org>,
<linux-cifsd-devel@lists.sourceforge.net>,
<kernel-janitors@vger.kernel.org>
Subject: RE: [PATCH v2] cifsd: fix error handling in ksmbd_server_init()
Date: Thu, 25 Mar 2021 12:35:10 +0900 [thread overview]
Message-ID: <01f601d72127$dc184c20$9448e460$@samsung.com> (raw)
In-Reply-To: <YFnsqPphqvItA3z2@mwanda>
>
> The error handling in ksmbd_server_init() uses "one function to free everything style" which is
> impossible to audit and leads to several canonical bugs. When we free something that wasn't allocated
> it may be uninitialized, an error pointer, freed in a different function or we try freeing "foo->bar"
> when "foo" is a NULL pointer. And since the code is impossible to audit then it leads to memory leaks.
>
> In the ksmbd_server_init() function, every goto will lead to a crash because we have not allocated the
> work queue but we call
> ksmbd_workqueue_destroy() which tries to flush a NULL work queue.
> Another bug is if ksmbd_init_buffer_pools() fails then it leads to a double free because we free
> "work_cache" twice. A third type of bug is that we forgot to call ksmbd_release_inode_hash() so that
> is a resource leak.
>
> A better way to write error handling is for every function to clean up after itself and never leave
> things partially allocated. Then we can use "free the last successfully allocated resource" style.
> That way when someone is reading the code they can just track the last resource in their head and
> verify that the goto matches what they expect.
>
> In this patch I modified ksmbd_ipc_init() to clean up after itself and then I converted
> ksmbd_server_init() to use gotos to clean up.
>
> Fixes: cabcebc31de4 ("cifsd: introduce SMB3 kernel server")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: remove __exit annotation from ksmbd_release_inode_hash() as detected by the kbuild-bot
I will apply. Thanks for your patch!
prev parent reply other threads:[~2021-03-25 3:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20210323132751epcas1p39002e41ec02ed29aee7f73aae5f2cbf9@epcas1p3.samsung.com>
2021-03-23 13:27 ` [PATCH v2] cifsd: fix error handling in ksmbd_server_init() Dan Carpenter
2021-03-25 3:35 ` Namjae Jeon [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='01f601d72127$dc184c20$9448e460$@samsung.com' \
--to=namjae.jeon@samsung.com \
--cc=dan.carpenter@oracle.com \
--cc=hyc.lee@gmail.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-cifsd-devel@lists.sourceforge.net \
--cc=lsahlber@redhat.com \
--cc=sergey.senozhatsky@gmail.com \
--cc=sfrench@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.