From: Dan Carpenter <dan.carpenter@oracle.com>
To: Chuck Lever III <chuck.lever@oracle.com>
Cc: Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
Jeff Layton <jlayton@kernel.org>,
Bruce Fields <bfields@redhat.com>,
Scott Mayhew <smayhew@redhat.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"kernel-janitors@vger.kernel.org"
<kernel-janitors@vger.kernel.org>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH] nfsd: Fix a memory leak in an error handling path
Date: Wed, 31 Aug 2022 08:44:07 +0300 [thread overview]
Message-ID: <20220831054407.GI2071@kadam> (raw)
In-Reply-To: <5AAB19B0-0DAB-4313-AC9A-307E79CE4527@oracle.com>
On Tue, Aug 30, 2022 at 09:11:54PM +0000, Chuck Lever III wrote:
>
>
> > On Aug 26, 2022, at 7:08 AM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> >
> > On Fri, Aug 26, 2022 at 12:24:54PM +0200, Christophe JAILLET wrote:
> >> If this memdup_user() call fails, the memory allocated in a previous call
> >> a few lines above should be freed. Otherwise it leaks.
> >>
> >> Fixes: 6ee95d1c8991 ("nfsd: add support for upcall version 2")
> >> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> >> ---
> >> Speculative, untested.
> >> ---
> >> fs/nfsd/nfs4recover.c | 4 +++-
> >> 1 file changed, 3 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
> >> index b29d27eaa8a6..248ff9f4141c 100644
> >> --- a/fs/nfsd/nfs4recover.c
> >> +++ b/fs/nfsd/nfs4recover.c
> >> @@ -815,8 +815,10 @@ __cld_pipe_inprogress_downcall(const struct cld_msg_v2 __user *cmsg,
> >> princhash.data = memdup_user(
> >> &ci->cc_princhash.cp_data,
> >> princhashlen);
> >> - if (IS_ERR_OR_NULL(princhash.data))
> >> + if (IS_ERR_OR_NULL(princhash.data)) {
> >> + kfree(name.data);
> >> return -EFAULT;
> >
> > This comment is not directed at you and is not related to your patch.
> > But memdup_user() never returns NULL, only error pointers. I wrote a
> > fifteen page blog entry about NULL vs error pointers the other week.
> > https://staticthinking.wordpress.com/2022/08/01/mixing-error-pointers-and-null/
> > This should propagate the error code from memdup_user() instead of
> > -EFAULT.
>
> I take it then that Christophe should redrive this with your suggested
> corrections? I haven't applied this yet because I was waiting for
> follow-up.
No, that's a different thing. If anyone wants to clean that up then it
should be part of a different patch.
regards,
dan carpenter
prev parent reply other threads:[~2022-08-31 5:44 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-26 10:24 [PATCH] nfsd: Fix a memory leak in an error handling path Christophe JAILLET
2022-08-26 10:41 ` Jeff Layton
2022-08-26 11:08 ` Dan Carpenter
2022-08-30 21:11 ` Chuck Lever III
2022-08-31 5:06 ` Christophe JAILLET
2022-08-31 5:44 ` Dan Carpenter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220831054407.GI2071@kadam \
--to=dan.carpenter@oracle.com \
--cc=bfields@redhat.com \
--cc=christophe.jaillet@wanadoo.fr \
--cc=chuck.lever@oracle.com \
--cc=jlayton@kernel.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=smayhew@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.