korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-15 00:04:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
0070ed3d9e
linux/net/sunrpc
History
Dave Wysochanski 0070ed3d9e Fix 16-byte memory leak in gssp_accept_sec_context_upcall 
There is a 16-byte memory leak inside sunrpc/auth_gss on an nfs server when
a client mounts with 'sec=krb5' in a simple mount / umount loop.  The leak
is seen by either monitoring the kmalloc-16 slab or with kmemleak enabled

unreferenced object 0xffff92e6a045f030 (size 16):
  comm "nfsd", pid 1096, jiffies 4294936658 (age 761.110s)
  hex dump (first 16 bytes):
    2a 86 48 86 f7 12 01 02 02 00 00 00 00 00 00 00  *.H.............
  backtrace:
    [<000000004b2b79a7>] gssx_dec_buffer+0x79/0x90 [auth_rpcgss]
    [<000000002610ac1a>] gssx_dec_accept_sec_context+0x215/0x6dd [auth_rpcgss]
    [<000000004fd0e81d>] rpcauth_unwrap_resp+0xa9/0xe0 [sunrpc]
    [<000000002b099233>] call_decode+0x1e9/0x840 [sunrpc]
    [<00000000954fc846>] __rpc_execute+0x80/0x3f0 [sunrpc]
    [<00000000c83a961c>] rpc_run_task+0x10d/0x150 [sunrpc]
    [<000000002c2cdcd2>] rpc_call_sync+0x4d/0xa0 [sunrpc]
    [<000000000b74eea2>] gssp_accept_sec_context_upcall+0x196/0x470 [auth_rpcgss]
    [<000000003271273f>] svcauth_gss_proxy_init+0x188/0x520 [auth_rpcgss]
    [<000000001cf69f01>] svcauth_gss_accept+0x3a6/0xb50 [auth_rpcgss]

If you map the above to code you'll see the following call chain
  gssx_dec_accept_sec_context
    gssx_dec_ctx  (missing from kmemleak output)
      gssx_dec_buffer(xdr, &ctx->mech)

Inside gssx_dec_buffer there is 'kmemdup' where we allocate memory for
any gssx_buffer (buf) and store into buf->data.  In the above instance,
'buf == &ctx->mech).

Further up in the chain in gssp_accept_sec_context_upcall we see ctx->mech
is part of a stack variable 'struct gssx_ctx rctxh'.  Now later inside
gssp_accept_sec_context_upcall after gssp_call, there is a number of
memcpy and kfree statements, but there is no kfree(rctxh.mech.data)
after the memcpy into data->mech_oid.data.

With this patch applied and the same mount / unmount loop, the kmalloc-16
slab is stable and kmemleak enabled no longer shows the above backtrace.

Signed-off-by: Dave Wysochanski <dwysocha@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-06-08 16:28:55 -04:00
..
auth_gss Fix 16-byte memory leak in gssp_accept_sec_context_upcall 2018-06-08 16:28:55 -04:00
xprtrdma svcrdma: Fix incorrect return value/type in svc_rdma_post_recvs 2018-06-08 16:28:55 -04:00
addr.c replace strict_strto calls 2014-07-12 18:45:49 -04:00
auth_generic.c NFS client updates for Linux 4.9 2016-10-13 21:28:20 -07:00
auth_null.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
auth_unix.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
auth.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
backchannel_rqst.c SUNRPC: Don't hold the transport lock when receiving backchannel data 2017-08-16 15:10:16 -04:00
cache.c Chuck Lever did a bunch of work on nfsd tracepoints, on RDMA, and on 2018-04-05 19:15:29 -07:00
clnt.c NFS client updates for Linux 4.17 2018-04-12 12:55:50 -07:00
debugfs.c net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
Kconfig svcrdma: Introduce local rdma_rw API helpers 2017-04-25 17:25:55 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netns.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rpc_pipe.c rpc_pipefs: fix double-dput() 2018-04-15 23:49:27 -04:00
rpcb_clnt.c sunrpc: remove net pointer from messages 2017-11-17 16:43:51 -05:00
sched.c sunrpc: Simplify synopsis of some trace points 2018-04-10 16:06:22 -04:00
socklib.c sunrpc: do not pull udp headers on receive 2016-04-11 15:31:33 -04:00
stats.c sunrpc: Add static trace point to report RPC latency stats 2018-04-10 16:06:22 -04:00
sunrpc_syms.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
sunrpc.h xprtrdma: "Support" call-only RPCs 2018-04-10 16:06:22 -04:00
svc_xprt.c svc: Report xprt dequeue latency 2018-04-03 15:08:13 -04:00
svc.c NFSD: Clean up legacy NFS SYMLINK argument XDR decoders 2018-04-03 15:08:16 -04:00
svcauth_unix.c kernel: make groups_sort calling a responsibility group_info allocators 2017-12-14 16:00:49 -08:00
svcauth.c locking/atomic, kref: Implement kref_put_lock() 2017-01-18 10:03:29 +01:00
svcsock.c Chuck Lever did a bunch of work on nfsd tracepoints, on RDMA, and on 2018-04-05 19:15:29 -07:00
sysctl.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
timer.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
xdr.c SUNRPC: Add helpers for decoding opaque and string types 2018-04-10 16:06:22 -04:00
xprt.c SUNRPC: Make num_reqs a non-atomic integer 2018-04-10 16:06:22 -04:00
xprtmultipath.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xprtsock.c NFS client updates for Linux 4.17 2018-04-12 12:55:50 -07:00