From: Simon Horman <horms@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: netdev@vger.kernel.org, Marc Dionne <marc.dionne@auristor.com>,
Jakub Kicinski <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org,
Jeffrey Altman <jaltman@auristor.com>,
stable@kernel.org
Subject: Re: [PATCH net 1/4] rxrpc: Fix memory leaks in rxkad_verify_response()
Date: Tue, 21 Apr 2026 21:32:28 +0100 [thread overview]
Message-ID: <20260421203228.GI651125@horms.kernel.org> (raw)
In-Reply-To: <20260420145900.1223732-2-dhowells@redhat.com>
On Mon, Apr 20, 2026 at 03:58:54PM +0100, David Howells wrote:
> Fix rxkad_verify_response() to free ticket by using a __free() construct
> rather than explicitly freeing it.
>
> Also fix rxkad_verify_response() to free the server key by using a __free()
> construct.
>
> Fixes: 57af281e5389 ("rxrpc: Tidy up abort generation infrastructure")
> Fixes: ec832bd06d6f ("rxrpc: Don't retain the server key in the connection")
> Closes: https://sashiko.dev/#/patchset/20260408121252.2249051-1-dhowells%40redhat.com
> Signed-off-by: David Howells <dhowells@redhat.com>
...
> index eb7f2769d2b1..0acdc46f42c2 100644
> --- a/net/rxrpc/rxkad.c
> +++ b/net/rxrpc/rxkad.c
...
> @@ -1160,16 +1159,15 @@ static int rxkad_verify_response(struct rxrpc_connection *conn,
> }
>
> ret = -ENOMEM;
> - response = kzalloc_obj(struct rxkad_response, GFP_NOFS);
> + struct rxkad_response *response __free(kfree) =
> + kzalloc_obj(struct rxkad_response, GFP_NOFS);
> if (!response)
> goto temporary_error;
>
Hi David,
This goto, combined with the use of __free in the declaration
of ticket below results in a compile error for x86_64 allmodconfig
with clang 21.1.8.
net/rxrpc/rxkad.c:1165:3: error: cannot jump from this goto statement to its label
1165 | goto temporary_error;
| ^
net/rxrpc/rxkad.c:1192:8: note: jump bypasses initialization of variable with __attribute__((cleanup))
1192 | void *ticket __free(kfree) = kmalloc(ticket_len, GFP_NOFS);
| ^
Moreover, the use of this construct is discouraged in Networking code:
1.7.3. Using device-managed and cleanup.h constructs¶
Netdev remains skeptical about promises of all “auto-cleanup” APIs,
including even devm_ helpers, historically. They are not the preferred
style of implementation, merely an acceptable one.
Use of guard() is discouraged within any function longer than 20 lines,
scoped_guard() is considered more readable. Using normal lock/unlock is
still (weakly) preferred.
Low level cleanup constructs (such as __free()) can be used when building
APIs and helpers, especially scoped iterators. However, direct use of
__free() within networking core and drivers is discouraged. Similar
guidance applies to declaring variables mid-function.
https://docs.kernel.org/process/maintainer-netdev.html#using-device-managed-and-cleanup-h-constructs
And to round things out, Sashiko also points out problems with
the use of __free() in this patch.
...
>
> /* extract the kerberos ticket and decrypt and decode it */
> ret = -ENOMEM;
> - ticket = kmalloc(ticket_len, GFP_NOFS);
> + void *ticket __free(kfree) = kmalloc(ticket_len, GFP_NOFS);
> if (!ticket)
> - goto temporary_error_free_resp;
> + goto temporary_error;
...
> temporary_error:
> /* Ignore the response packet if we got a temporary error such as
> * ENOMEM. We just want to send the challenge again. Note that we
> * also come out this way if the ticket decryption fails.
> */
> - key_put(server_key);
> return ret;
> }
>
>
--
pw-bot: changes-requested
next prev parent reply other threads:[~2026-04-21 20:32 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-20 14:58 [PATCH net 0/4] rxrpc: Miscellaneous fixes David Howells
2026-04-20 14:58 ` [PATCH net 1/4] rxrpc: Fix memory leaks in rxkad_verify_response() David Howells
2026-04-21 20:32 ` Simon Horman [this message]
2026-04-20 14:58 ` [PATCH net 2/4] rxrpc: Fix conn-level packet handling to unshare RESPONSE packets David Howells
2026-04-21 20:38 ` Simon Horman
2026-04-21 20:58 ` David Howells
2026-04-20 14:58 ` [PATCH net 3/4] rxgk: Fix potential integer overflow in length check David Howells
2026-04-20 14:58 ` [PATCH net 4/4] rxrpc: Fix rxkad crypto unalignment handling David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260421203228.GI651125@horms.kernel.org \
--to=horms@kernel.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=edumazet@google.com \
--cc=jaltman@auristor.com \
--cc=kuba@kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.dionne@auristor.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox