From: Wang Hai <wanghai38@huawei.com>
To: <trond.myklebust@hammerspace.com>, <anna@kernel.org>,
<chuck.lever@oracle.com>, <davem@davemloft.net>,
<kuba@kernel.org>, <pabeni@redhat.com>
Cc: <linux-nfs@vger.kernel.org>, <netdev@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <wanghai38@huawei.com>
Subject: [PATCH net] SUNRPC: Fix local socket leak in xs_local_setup_socket()
Date: Tue, 26 Apr 2022 21:20:11 +0800 [thread overview]
Message-ID: <20220426132011.25418-1-wanghai38@huawei.com> (raw)
If the connection to a local endpoint in xs_local_setup_socket() fails,
fput() is missing in the error path, which will result in a socket leak.
It can be reproduced in simple script below.
while true
do
systemctl stop rpcbind.service
systemctl stop rpc-statd.service
systemctl stop nfs-server.service
systemctl restart rpcbind.service
systemctl restart rpc-statd.service
systemctl restart nfs-server.service
done
When executing the script, you can observe that the
"cat /proc/net/unix | wc -l" count keeps growing.
Add the missing fput(), and restore transport to old socket.
Signed-off-by: Wang Hai <wanghai38@huawei.com>
---
net/sunrpc/xprtsock.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 0f39e08ee580..7219c545385e 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -1819,6 +1819,9 @@ static int xs_local_finish_connecting(struct rpc_xprt *xprt,
{
struct sock_xprt *transport = container_of(xprt, struct sock_xprt,
xprt);
+ struct socket *trans_sock = NULL;
+ struct sock *trans_inet = NULL;
+ int ret;
if (!transport->inet) {
struct sock *sk = sock->sk;
@@ -1835,6 +1838,9 @@ static int xs_local_finish_connecting(struct rpc_xprt *xprt,
xprt_clear_connected(xprt);
+ trans_sock = transport->sock;
+ trans_inet = transport->inet;
+
/* Reset to new socket */
transport->sock = sock;
transport->inet = sk;
@@ -1844,7 +1850,14 @@ static int xs_local_finish_connecting(struct rpc_xprt *xprt,
xs_stream_start_connect(transport);
- return kernel_connect(sock, xs_addr(xprt), xprt->addrlen, 0);
+ ret = kernel_connect(sock, xs_addr(xprt), xprt->addrlen, 0);
+ /* Restore to old socket */
+ if (ret && trans_inet) {
+ transport->sock = trans_sock;
+ transport->inet = trans_inet;
+ }
+
+ return ret;
}
/**
@@ -1887,7 +1900,7 @@ static int xs_local_setup_socket(struct sock_xprt *transport)
xprt->stat.connect_time += (long)jiffies -
xprt->stat.connect_start;
xprt_set_connected(xprt);
- break;
+ goto out;
case -ENOBUFS:
break;
case -ENOENT:
@@ -1904,6 +1917,9 @@ static int xs_local_setup_socket(struct sock_xprt *transport)
xprt->address_strings[RPC_DISPLAY_ADDR]);
}
+ transport->file = NULL;
+ fput(filp);
+
out:
xprt_clear_connecting(xprt);
xprt_wake_pending_tasks(xprt, status);
--
2.17.1
next reply other threads:[~2022-04-26 13:01 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-26 13:20 Wang Hai [this message]
2022-04-26 18:51 ` [PATCH net] SUNRPC: Fix local socket leak in xs_local_setup_socket() Trond Myklebust
2022-04-27 7:15 ` wanghai (M)
2022-04-28 12:51 ` wanghai (M)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220426132011.25418-1-wanghai38@huawei.com \
--to=wanghai38@huawei.com \
--cc=anna@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox