From: Simon Horman <horms@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: netdev@vger.kernel.org, Marc Dionne <marc.dionne@auristor.com>,
Jakub Kicinski <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org,
Jeffrey Altman <jaltman@auristor.com>,
stable@kernel.org
Subject: Re: [PATCH net 1/4] rxrpc: Fix memory leaks in rxkad_verify_response()
Date: Tue, 21 Apr 2026 21:32:28 +0100 [thread overview]
Message-ID: <20260421203228.GI651125@horms.kernel.org> (raw)
In-Reply-To: <20260420145900.1223732-2-dhowells@redhat.com>
On Mon, Apr 20, 2026 at 03:58:54PM +0100, David Howells wrote:
> Fix rxkad_verify_response() to free ticket by using a __free() construct
> rather than explicitly freeing it.
>
> Also fix rxkad_verify_response() to free the server key by using a __free()
> construct.
>
> Fixes: 57af281e5389 ("rxrpc: Tidy up abort generation infrastructure")
> Fixes: ec832bd06d6f ("rxrpc: Don't retain the server key in the connection")
> Closes: https://sashiko.dev/#/patchset/20260408121252.2249051-1-dhowells%40redhat.com
> Signed-off-by: David Howells <dhowells@redhat.com>
...
> index eb7f2769d2b1..0acdc46f42c2 100644
> --- a/net/rxrpc/rxkad.c
> +++ b/net/rxrpc/rxkad.c
...
> @@ -1160,16 +1159,15 @@ static int rxkad_verify_response(struct rxrpc_connection *conn,
> }
>
> ret = -ENOMEM;
> - response = kzalloc_obj(struct rxkad_response, GFP_NOFS);
> + struct rxkad_response *response __free(kfree) =
> + kzalloc_obj(struct rxkad_response, GFP_NOFS);
> if (!response)
> goto temporary_error;
>
Hi David,
This goto, combined with the use of __free in the declaration
of ticket below results in a compile error for x86_64 allmodconfig
with clang 21.1.8.
net/rxrpc/rxkad.c:1165:3: error: cannot jump from this goto statement to its label
1165 | goto temporary_error;
| ^
net/rxrpc/rxkad.c:1192:8: note: jump bypasses initialization of variable with __attribute__((cleanup))
1192 | void *ticket __free(kfree) = kmalloc(ticket_len, GFP_NOFS);
| ^
Moreover, the use of this construct is discouraged in Networking code:
1.7.3. Using device-managed and cleanup.h constructs¶
Netdev remains skeptical about promises of all “auto-cleanup” APIs,
including even devm_ helpers, historically. They are not the preferred
style of implementation, merely an acceptable one.
Use of guard() is discouraged within any function longer than 20 lines,
scoped_guard() is considered more readable. Using normal lock/unlock is
still (weakly) preferred.
Low level cleanup constructs (such as __free()) can be used when building
APIs and helpers, especially scoped iterators. However, direct use of
__free() within networking core and drivers is discouraged. Similar
guidance applies to declaring variables mid-function.
https://docs.kernel.org/process/maintainer-netdev.html#using-device-managed-and-cleanup-h-constructs
And to round things out, Sashiko also points out problems with
the use of __free() in this patch.
...
>
> /* extract the kerberos ticket and decrypt and decode it */
> ret = -ENOMEM;
> - ticket = kmalloc(ticket_len, GFP_NOFS);
> + void *ticket __free(kfree) = kmalloc(ticket_len, GFP_NOFS);
> if (!ticket)
> - goto temporary_error_free_resp;
> + goto temporary_error;
...
> temporary_error:
> /* Ignore the response packet if we got a temporary error such as
> * ENOMEM. We just want to send the challenge again. Note that we
> * also come out this way if the ticket decryption fails.
> */
> - key_put(server_key);
> return ret;
> }
>
>
--
pw-bot: changes-requested
next prev parent reply other threads:[~2026-04-21 20:32 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-20 14:58 [PATCH net 0/4] rxrpc: Miscellaneous fixes David Howells
2026-04-20 14:58 ` [PATCH net 1/4] rxrpc: Fix memory leaks in rxkad_verify_response() David Howells
2026-04-21 20:32 ` Simon Horman [this message]
2026-04-20 14:58 ` [PATCH net 2/4] rxrpc: Fix conn-level packet handling to unshare RESPONSE packets David Howells
2026-04-21 20:38 ` Simon Horman
2026-04-21 20:58 ` David Howells
2026-04-20 14:58 ` [PATCH net 3/4] rxgk: Fix potential integer overflow in length check David Howells
2026-04-20 14:58 ` [PATCH net 4/4] rxrpc: Fix rxkad crypto unalignment handling David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260421203228.GI651125@horms.kernel.org \
--to=horms@kernel.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=edumazet@google.com \
--cc=jaltman@auristor.com \
--cc=kuba@kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.dionne@auristor.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.