From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Tom Rix <trix@redhat.com>,
Anna Schumaker <Anna.Schumaker@Netapp.com>,
Sasha Levin <sashal@kernel.org>,
linux-nfs@vger.kernel.org
Subject: [PATCH AUTOSEL 5.7 51/53] nfs: Fix memory leak of export_path
Date: Wed, 1 Jul 2020 21:22:00 -0400 [thread overview]
Message-ID: <20200702012202.2700645-51-sashal@kernel.org> (raw)
In-Reply-To: <20200702012202.2700645-1-sashal@kernel.org>
From: Tom Rix <trix@redhat.com>
[ Upstream commit 4659ed7cc8514369043053463514408ca16ad6f3 ]
The try_location function is called within a loop by nfs_follow_referral.
try_location calls nfs4_pathname_string to created the export_path.
nfs4_pathname_string allocates the memory. export_path is stored in the
nfs_fs_context/fs_context structure similarly as hostname and source.
But whereas the ctx hostname and source are freed before assignment,
export_path is not. So if there are multiple loops, the new export_path
will overwrite the old without the old being freed.
So call kfree for export_path.
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4namespace.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c
index a3ab6e219061b..873342308dc0d 100644
--- a/fs/nfs/nfs4namespace.c
+++ b/fs/nfs/nfs4namespace.c
@@ -308,6 +308,7 @@ static int try_location(struct fs_context *fc,
if (IS_ERR(export_path))
return PTR_ERR(export_path);
+ kfree(ctx->nfs_server.export_path);
ctx->nfs_server.export_path = export_path;
source = kmalloc(len + 1 + ctx->nfs_server.export_path_len + 1,
--
2.25.1
prev parent reply other threads:[~2020-07-02 1:24 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200702012202.2700645-1-sashal@kernel.org>
2020-07-02 1:21 ` [PATCH AUTOSEL 5.7 30/53] xprtrdma: Prevent dereferencing r_xprt->rx_ep after it is freed Sasha Levin
2020-07-02 1:22 ` Sasha Levin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200702012202.2700645-51-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=Anna.Schumaker@Netapp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=trix@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).