From: Tim Gardner <tim.gardner@canonical.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: linux-kernel@vger.kernel.org,
Trond Myklebust <Trond.Myklebust@netapp.com>,
linux-nfs@vger.kernel.org
Subject: Re: [PATCH linux-next] lockd: nlmsvc_mark_resources(): avoid stack overflow
Date: Wed, 13 Feb 2013 07:40:21 -0700 [thread overview]
Message-ID: <511BA5D5.6050902@canonical.com> (raw)
In-Reply-To: <20130212212246.GH10267@fieldses.org>
On 02/12/2013 02:22 PM, J. Bruce Fields wrote:
> On Tue, Feb 12, 2013 at 12:48:58PM -0700, Tim Gardner wrote:
>> Dynamically allocate the NLM host structure in order to avoid stack overflow.
>> nlmsvc_mark_resources() is several call levels deep in a stack
>> that has a number of large variables. 512 bytes seems like a lot
>> on the stack at this point.
>>
>> smatch analysis:
>>
>> fs/lockd/svcsubs.c:366 nlmsvc_mark_resources() warn: 'hint' puts
>> 512 bytes on stack
>>
>> Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
>> Cc: "J. Bruce Fields" <bfields@fieldses.org>
>> Cc: linux-nfs@vger.kernel.org
>> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
>> ---
>> fs/lockd/svcsubs.c | 12 ++++++++----
>> 1 file changed, 8 insertions(+), 4 deletions(-)
>>
>> diff --git a/fs/lockd/svcsubs.c b/fs/lockd/svcsubs.c
>> index b904f41..f3abb7f 100644
>> --- a/fs/lockd/svcsubs.c
>> +++ b/fs/lockd/svcsubs.c
>> @@ -363,11 +363,15 @@ nlmsvc_is_client(void *data, struct nlm_host *dummy)
>> void
>> nlmsvc_mark_resources(struct net *net)
>> {
>> - struct nlm_host hint;
>> + struct nlm_host *hint = kzalloc(sizeof(*hint), GFP_KERNEL);
>>
>> - dprintk("lockd: nlmsvc_mark_resources for net %p\n", net);
>> - hint.net = net;
>> - nlm_traverse_files(&hint, nlmsvc_mark_host, NULL);
>> + if (hint) {
>> + dprintk("lockd: nlmsvc_mark_resources for net %p\n", net);
>> + hint->net = net;
>> + nlm_traverse_files(hint, nlmsvc_mark_host, NULL);
>> + }
>
> Silently neglecting to do this looks like a bad idea.
>
> It's strange that we're passing in an nlm_host when all we actually use
> is the struct net*. Why not just change this to pass in the net
> instead?
>
> --b.
>
It won't really be silent. k[zm]alloc() dumps a stack trace on failure
to allocate unless GFP_NOWARN is set in the flags. I think this is a bit
better then possibly corrupting the stack.
Changing the prototype to just pass in 'net' has knock on effects that
make this patch a whole lot bigger. You'd have to change the code within
a bunch of functions which are difficult to verify at compile time
because of the use of 'void *data' as the first parameter. Is there
still a good reason for that parameter to be opaque ?
rtg
--
Tim Gardner tim.gardner@canonical.com
prev parent reply other threads:[~2013-02-13 14:40 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-12 19:48 [PATCH linux-next] lockd: nlmsvc_mark_resources(): avoid stack overflow Tim Gardner
2013-02-12 21:22 ` J. Bruce Fields
2013-02-13 14:40 ` Tim Gardner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=511BA5D5.6050902@canonical.com \
--to=tim.gardner@canonical.com \
--cc=Trond.Myklebust@netapp.com \
--cc=bfields@fieldses.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.