mbox series

[00/10] NFS: Fix a number of memory leaks and use-after-free

Message ID 20200401185652.1904777-1-trondmy@kernel.org (mailing list archive)
Headers show
Series NFS: Fix a number of memory leaks and use-after-free | expand

Message

Trond Myklebust April 1, 2020, 6:56 p.m. UTC 
From: Trond Myklebust <trond.myklebust@hammerspace.com>

When running xfstests with wsize=1024, a number of use-after-free issues
and memory leaks can currently be hit. One of the more obvious
leaks is seen when the generic/013 test fails due to the presence of
sillyrenamed files that never go away.

After testing with kasan enabled, and adding some debugging code to
detect leaked nfs_page and nfs_direct_req structures, I found a number
of issues that appear to be fixed by the following patchset.

Trond Myklebust (10):
  NFS: Fix a page leak in nfs_destroy_unlinked_subrequests()
  NFS: Fix races nfs_page_group_destroy() vs
    nfs_destroy_unlinked_subrequests()
  NFS: Fix use-after-free issues in nfs_pageio_add_request()
  NFS: Fix a request reference leak in nfs_direct_write_clear_reqs()
  NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
  NFS: Remove the redundant function nfs_pgio_has_mirroring()
  NFS: Clean up nfs_lock_and_join_requests()
  NFS: Reverse the submission order of requests in
    __nfs_pageio_add_request()
  NFS: Refactor nfs_lock_and_join_requests()
  NFS: Try to join page groups before an O_DIRECT retransmission

 fs/nfs/direct.c          |  21 +++
 fs/nfs/internal.h        |   6 -
 fs/nfs/pagelist.c        | 350 +++++++++++++++++++++++++--------------
 fs/nfs/write.c           | 258 ++++++++++++++---------------
 include/linux/nfs_page.h |   5 +
 5 files changed, 379 insertions(+), 261 deletions(-)