From patchwork Wed Aug 7 20:09:52 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andy Adamson X-Patchwork-Id: 2840487 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 562079F493 for ; Wed, 7 Aug 2013 20:10:03 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 459402048E for ; Wed, 7 Aug 2013 20:10:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D1E2120481 for ; Wed, 7 Aug 2013 20:10:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756928Ab3HGUJ7 (ORCPT ); Wed, 7 Aug 2013 16:09:59 -0400 Received: from mx12.netapp.com ([216.240.18.77]:2372 "EHLO mx12.netapp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752759Ab3HGUJ7 (ORCPT ); Wed, 7 Aug 2013 16:09:59 -0400 X-IronPort-AV: E=Sophos;i="4.89,835,1367996400"; d="scan'208";a="79411546" Received: from vmwexceht04-prd.hq.netapp.com ([10.106.77.34]) by mx12-out.netapp.com with ESMTP; 07 Aug 2013 13:09:58 -0700 Received: from smtp2.corp.netapp.com (10.57.159.114) by VMWEXCEHT04-PRD.hq.netapp.com (10.106.77.34) with Microsoft SMTP Server id 14.3.123.3; Wed, 7 Aug 2013 13:09:58 -0700 Received: from fc19.androsad.fake (vpn2ntap-30470.vpn.netapp.com [10.55.66.137]) by smtp2.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id r77K9vV7029825; Wed, 7 Aug 2013 13:09:58 -0700 (PDT) From: To: CC: , Andy Adamson Subject: [PATCH Version 2 1/6] NFSv4.1 Fix an rpc client leak Date: Wed, 7 Aug 2013 16:09:52 -0400 Message-ID: <1375906192-1988-1-git-send-email-andros@netapp.com> X-Mailer: git-send-email 1.8.3.1 MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Andy Adamson nfs4_proc_lookup_mountpoint clones an rpc client to perform a lookup across a mountpoint. If the security of the mountpoint is different than that of the clonded rpc client, a secinfo query is sent, and if successful, a new rpc client is cloned an returned to nfs4_proc_lookup_mountpoint replacing the original cloned client pointer. In this case, the originoal cloned client is not reaped - which results in a leak of multiple rpc clients, as the parent of the original cloned client will not be dereferenced, and it's parent will not be dereferenced... Signed-off-by: Andy Adamson --- fs/nfs/nfs4proc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 0e64ccc..ee30a4f 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -3073,12 +3073,15 @@ nfs4_proc_lookup_mountpoint(struct inode *dir, struct qstr *name, { int status; struct rpc_clnt *client = rpc_clone_client(NFS_CLIENT(dir)); + struct rpc_clnt *clnt = client; status = nfs4_proc_lookup_common(&client, dir, name, fhandle, fattr, NULL); if (status < 0) { rpc_shutdown_client(client); return ERR_PTR(status); } + if (clnt != client) + rpc_shutdown_client(clnt); return client; }