From: zhangqilong <zhangqilong3@huawei.com>
To: Sagi Grimberg <sagi@grimberg.me>, "hare@suse.de" <hare@suse.de>,
"kbusch@kernel.org" <kbusch@kernel.org>,
"axboe@fb.com" <axboe@fb.com>, "hch@lst.de" <hch@lst.de>
Cc: "linux-nvme@lists.infradead.org" <linux-nvme@lists.infradead.org>
Subject: 答复: 答复: [PATCH] nvme: fix memleak in nvme_ctrl_dhchap_secret_store()
Date: Mon, 21 Nov 2022 11:54:21 +0000 [thread overview]
Message-ID: <3e04d64de5bc4891b67b97f8fc8f9023@huawei.com> (raw)
In-Reply-To: <9a9512de-1bbc-fafb-74d1-3bd0a156ab81@grimberg.me>
> >>> drivers/nvme/host/core.c | 7 +++++--
> >>> 1 file changed, 5 insertions(+), 2 deletions(-)
> >>>
> >>> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> >>> index da55ce45ac70..e06d1b3961fe 100644
> >>> --- a/drivers/nvme/host/core.c
> >>> +++ b/drivers/nvme/host/core.c
> >>> @@ -3748,13 +3748,16 @@ static ssize_t
> >> nvme_ctrl_dhchap_secret_store(struct device *dev,
> >>> int ret;
> >>>
> >>> ret = nvme_auth_generate_key(dhchap_secret, &ctrl-
> host_key);
> >>> - if (ret)
> >>> + if (ret) {
> >>> + kfree(dhchap_secret);
> >>> return ret;
> >>> + }
> >>> kfree(opts->dhchap_secret);
> >>> opts->dhchap_secret = dhchap_secret;
> >>> /* Key has changed; re-authentication with new key */
> >>> nvme_auth_reset(ctrl);
> >>> - }
> >>> + } else
> >>> + kfree(dhchap_secret);
>
> Perhaps lets change the check above to strncmp directly against buf and
> allocate inside the clause.
>
Good suggestion and I have updated fixes like:
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -3730,7 +3730,6 @@ static ssize_t nvme_ctrl_dhchap_secret_store(struct device *dev,
{
struct nvme_ctrl *ctrl = dev_get_drvdata(dev);
struct nvmf_ctrl_options *opts = ctrl->opts;
- char *dhchap_secret;
if (!ctrl->opts->dhchap_secret)
return -EINVAL;
@@ -3739,17 +3738,20 @@ static ssize_t nvme_ctrl_dhchap_secret_store(struct device *dev,
if (memcmp(buf, "DHHC-1:", 7))
return -EINVAL;
- dhchap_secret = kzalloc(count + 1, GFP_KERNEL);
- if (!dhchap_secret)
- return -ENOMEM;
- memcpy(dhchap_secret, buf, count);
nvme_auth_stop(ctrl);
- if (strcmp(dhchap_secret, opts->dhchap_secret)) {
+ if (strncmp(buf, opts->dhchap_secret, count)) {
int ret;
+ char *dhchap_secret;
+ dhchap_secret = kzalloc(count + 1, GFP_KERNEL);
+ if (!dhchap_secret)
+ return -ENOMEM;
+ memcpy(dhchap_secret, buf, count);
ret = nvme_auth_generate_key(dhchap_secret, &ctrl->host_key);
- if (ret)
+ if (ret) {
+ kfree(dhchap_secret);
return ret;
+ }
kfree(opts->dhchap_secret);
Do you think is it that ok?
next prev parent reply other threads:[~2022-11-21 11:54 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-21 6:21 [PATCH] nvme: fix memleak in nvme_ctrl_dhchap_secret_store() Zhang Qilong
2022-11-21 9:51 ` Sagi Grimberg
2022-11-21 11:33 ` 答复: " zhangqilong
2022-11-21 11:39 ` Sagi Grimberg
2022-11-21 11:54 ` zhangqilong [this message]
2022-11-21 14:23 ` 答复: " Sagi Grimberg
2022-11-21 15:09 ` 答复: " zhangqilong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3e04d64de5bc4891b67b97f8fc8f9023@huawei.com \
--to=zhangqilong3@huawei.com \
--cc=axboe@fb.com \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.