From: Greg KH <gregkh@linuxfoundation.org>
To: David Howells <dhowells@redhat.com>
Cc: torvalds@linux-foundation.org, linux-afs@lists.infradead.org,
	linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] afs: Fix clearance of reply
Date: Mon, 15 Oct 2018 16:02:55 +0200
Message-ID: <20181015140255.GA3510@kroah.com>
In-Reply-To: <153960378222.7221.8576360303007809015.stgit@warthog.procyon.org.uk>

On Mon, Oct 15, 2018 at 12:43:02PM +0100, David Howells wrote:
> The recent patch to fix the afs_server struct leak didn't actually fix the
> bug, but rather fixed some of the symptoms.  The problem is that an
> asynchronous call that holds a resource pointed to by call->reply[0] will
> find the pointer cleared in the call destructor, thereby preventing the
> resource from being cleaned up.
> 
> In the case of the server record leak, the afs_fs_get_capabilities()
> function in devel code sets up a call with reply[0] pointing at the server
> record that should be altered when the result is obtained, but this was
> being cleared before the destructor was called, so the put in the
> destructor does nothing and the record is leaked.
> 
> Commit f014ffb025c1 removed the additional ref obtained by
> afs_install_server(), but the removal of this ref is actually used by the
> garbage collector to mark a server record as being defunct after the record
> has expired through lack of use.
> 
> The offending clearance of call->reply[0] upon completion in
> afs_process_async_call() has been there from the origin of the code, but
> none of the asynchronous calls actually use that pointer currently, so it
> should be safe to remove (note that synchronous calls don't involve this
> function).
> 
> Fix this by the following means:
> 
>  (1) Revert commit f014ffb025c1.
> 
>  (2) Remove the clearance of reply[0] from afs_process_async_call().
> 
> Without this, afs_manage_servers() will suffer an assertion failure if it
> sees a server record that didn't get used because the usage count is not 1.
> 
> Fixes: f014ffb025c1 ("afs: Fix afs_server struct leak")
> Fixes: 08e0e7c82eea ("[AF_RXRPC]: Make the in-kernel AFS filesystem use AF_RXRPC.")
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---

Now applied, thanks.

greg k-h
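
The leak described in the quoted commit message, as an added example that is not part of the original thread or the kernel's AFS code: a userspace C model in which struct server, struct call, put_server() and the clear_reply switch are hypothetical stand-ins. It shows that clearing reply[0] before the destructor runs turns the destructor's put into a no-op and leaves the usage count one too high.

```c
#include <stdio.h>

/* Userspace model only; every name here is a hypothetical stand-in. */
struct server { int usage; };        /* refcounted record */
struct call   { void *reply[1]; };   /* async call parking a ref in reply[0] */

static void put_server(struct server *s)
{
    if (s)              /* a NULL pointer makes the put a no-op */
        s->usage--;
}

/* Destructor: drops whatever reference reply[0] still points at. */
static void call_destructor(struct call *c)
{
    put_server(c->reply[0]);
    c->reply[0] = NULL;
}

/* Completion path; clear_reply models the clearance the patch removes. */
static void process_async_call(struct call *c, int clear_reply)
{
    if (clear_reply)
        c->reply[0] = NULL;   /* the reference is forgotten, never dropped */
    call_destructor(c);
}

/* Returns the usage count left on the record after one async call completes. */
int usage_after_call(int clear_reply)
{
    struct server srv = { .usage = 1 };   /* assumed base reference */
    struct call c = { { NULL } };

    srv.usage++;            /* the call takes its own reference ... */
    c.reply[0] = &srv;      /* ... and holds it through reply[0] */
    process_async_call(&c, clear_reply);
    return srv.usage;
}

int main(void)
{
    printf("with clearance:    usage = %d\n", usage_after_call(1));
    printf("without clearance: usage = %d\n", usage_after_call(0));
    return 0;
}
```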
