From 885c91f74662404dc179b8775494df383479311c Mon Sep 17 00:00:00 2001 From: majianpeng Date: Tue, 29 Jan 2013 13:16:01 +0800 Subject: nfsd: Fix memleak in svc_export_put In func svc_export_parse, the uuid which used kmemdup to alloc will be changed in func export_update.So the later kfree don't free this memory. And it can't be free in func svc_export_parse because other place still used.So put this operation in func svc_export_put. Signed-off-by: Jianpeng Ma Signed-off-by: J. Bruce Fields --- fs/nfsd/export.c | 1 + 1 file changed, 1 insertion(+) (limited to 'fs/nfsd/export.c') diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index a3946cf13fc8..45159ee952e6 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -315,6 +315,7 @@ static void svc_export_put(struct kref *ref) path_put(&exp->ex_path); auth_domain_put(exp->ex_client); nfsd4_fslocs_free(&exp->ex_fslocs); + kfree(exp->ex_uuid); kfree(exp); } -- cgit v1.2.3 From 2eeb9b2abc83a7fd02063c7558b8e729f5a3ae00 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Sat, 2 Feb 2013 05:55:08 -0500 Subject: nfsd: initialize the exp->ex_uuid field in svc_export_init commit 885c91f7466 in Bruce's tree was causing oopses for me: general protection fault: 0000 [#1] SMP Modules linked in: nfsd(OF) nfs_acl(OF) auth_rpcgss(OF) lockd(OF) sunrpc(OF) kvm_amd kvm microcode i2c_piix4 virtio_net virtio_balloon cirrus drm_kms_helper ttm drm virtio_blk i2c_core CPU 0 Pid: 564, comm: exportfs Tainted: GF O 3.8.0-0.rc5.git2.1.fc19.x86_64 #1 Bochs Bochs RIP: 0010:[] [] kfree+0x49/0x280 RSP: 0018:ffff88007a3d7c50 EFLAGS: 00010203 RAX: 01adaf8dadadad80 RBX: 6b6b6b6b6b6b6b6b RCX: 0000000000000001 RDX: ffffffff7fffffff RSI: 0000000000000000 RDI: 6b6b6b6b6b6b6b6b RBP: ffff88007a3d7c80 R08: 6b6b6b6b6b6b6b6b R09: 0000000000000000 R10: 0000000000000018 R11: 0000000000000000 R12: ffff88006a117b50 R13: ffffffffa01a589c R14: ffff8800631b0f50 R15: 01ad998dadadad80 FS: 00007fcaa3616740(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007f5d84b6fdd8 CR3: 0000000064db4000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process exportfs (pid: 564, threadinfo ffff88007a3d6000, task ffff88006af28000) Stack: ffff88007a3d7c80 ffff88006a117b68 ffff88006a117b50 0000000000000000 ffff8800631b0f50 ffff88006a117b50 ffff88007a3d7ca0 ffffffffa01a589c ffff880036be1148 ffff88007a3d7cf8 ffff88007a3d7e28 ffffffffa01a6a98 Call Trace: [] svc_export_put+0x5c/0x70 [nfsd] [] svc_export_parse+0x328/0x7e0 [nfsd] [] cache_do_downcall+0x57/0x70 [sunrpc] [] cache_downcall+0x7e/0x100 [sunrpc] [] cache_write_procfs+0x58/0x90 [sunrpc] [] ? cache_downcall+0x100/0x100 [sunrpc] [] proc_reg_write+0x75/0xb0 [] vfs_write+0x9f/0x170 [] sys_write+0x49/0xa0 [] system_call_fastpath+0x16/0x1b Code: 66 66 66 90 48 83 fb 10 0f 86 c3 00 00 00 48 89 df 49 bf 00 00 00 00 00 ea ff ff e8 f2 12 ea ff 48 c1 e8 0c 48 c1 e0 06 49 01 c7 <49> 8b 07 f6 c4 80 0f 85 1d 02 00 00 49 8b 07 a8 80 0f 84 ee 01 RIP [] kfree+0x49/0x280 RSP I think Majianpeng's patch is correct, but incomplete. In order for it to be safe to free the ex_uuid unconditionally in svc_export_put, we need to make sure it's initialized to NULL in the init routine. Cc: majianpeng Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields --- fs/nfsd/export.c | 1 + 1 file changed, 1 insertion(+) (limited to 'fs/nfsd/export.c') diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index 45159ee952e6..8e9df45b3d3c 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -671,6 +671,7 @@ static void svc_export_init(struct cache_head *cnew, struct cache_head *citem) new->ex_fslocs.locations = NULL; new->ex_fslocs.locations_count = 0; new->ex_fslocs.migrated = 0; + new->ex_uuid = NULL; new->cd = item->cd; } -- cgit v1.2.3 From 73fb847a44224d5708550e4be7baba9da75e00af Mon Sep 17 00:00:00 2001 From: Stanislav Kinsbursky Date: Mon, 4 Feb 2013 14:02:45 +0300 Subject: SUNRPC: introduce cache_detail->cache_request callback This callback will allow to simplify upcalls in further patches in this series. Signed-off-by: Stanislav Kinsbursky Signed-off-by: J. Bruce Fields --- fs/nfs/dns_resolve.c | 3 ++- fs/nfsd/export.c | 6 ++++-- fs/nfsd/nfs4idmap.c | 6 ++++-- include/linux/sunrpc/cache.h | 4 ++++ net/sunrpc/auth_gss/svcauth_gss.c | 3 ++- net/sunrpc/svcauth_unix.c | 6 ++++-- 6 files changed, 20 insertions(+), 8 deletions(-) (limited to 'fs/nfsd/export.c') diff --git a/fs/nfs/dns_resolve.c b/fs/nfs/dns_resolve.c index 9cbc98a4159d..55bc5d11457c 100644 --- a/fs/nfs/dns_resolve.c +++ b/fs/nfs/dns_resolve.c @@ -144,7 +144,7 @@ static int nfs_dns_upcall(struct cache_detail *cd, ret = nfs_cache_upcall(cd, key->hostname); if (ret) - ret = sunrpc_cache_pipe_upcall(cd, ch, nfs_dns_request); + ret = sunrpc_cache_pipe_upcall(cd, ch, cd->cache_request); return ret; } @@ -359,6 +359,7 @@ static struct cache_detail nfs_dns_resolve_template = { .name = "dns_resolve", .cache_put = nfs_dns_ent_put, .cache_upcall = nfs_dns_upcall, + .cache_request = nfs_dns_request, .cache_parse = nfs_dns_parse, .cache_show = nfs_dns_show, .match = nfs_dns_match, diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index 8e9df45b3d3c..0e16c7fa6800 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -69,7 +69,7 @@ static void expkey_request(struct cache_detail *cd, static int expkey_upcall(struct cache_detail *cd, struct cache_head *h) { - return sunrpc_cache_pipe_upcall(cd, h, expkey_request); + return sunrpc_cache_pipe_upcall(cd, h, cd->cache_request); } static struct svc_expkey *svc_expkey_update(struct cache_detail *cd, struct svc_expkey *new, @@ -246,6 +246,7 @@ static struct cache_detail svc_expkey_cache_template = { .name = "nfsd.fh", .cache_put = expkey_put, .cache_upcall = expkey_upcall, + .cache_request = expkey_request, .cache_parse = expkey_parse, .cache_show = expkey_show, .match = expkey_match, @@ -340,7 +341,7 @@ static void svc_export_request(struct cache_detail *cd, static int svc_export_upcall(struct cache_detail *cd, struct cache_head *h) { - return sunrpc_cache_pipe_upcall(cd, h, svc_export_request); + return sunrpc_cache_pipe_upcall(cd, h, cd->cache_request); } static struct svc_export *svc_export_update(struct svc_export *new, @@ -714,6 +715,7 @@ static struct cache_detail svc_export_cache_template = { .name = "nfsd.export", .cache_put = svc_export_put, .cache_upcall = svc_export_upcall, + .cache_request = svc_export_request, .cache_parse = svc_export_parse, .cache_show = svc_export_show, .match = svc_export_match, diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c index a1f10c0a6255..9033dfde1812 100644 --- a/fs/nfsd/nfs4idmap.c +++ b/fs/nfsd/nfs4idmap.c @@ -142,7 +142,7 @@ idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, static int idtoname_upcall(struct cache_detail *cd, struct cache_head *ch) { - return sunrpc_cache_pipe_upcall(cd, ch, idtoname_request); + return sunrpc_cache_pipe_upcall(cd, ch, cd->cache_request); } static int @@ -193,6 +193,7 @@ static struct cache_detail idtoname_cache_template = { .name = "nfs4.idtoname", .cache_put = ent_put, .cache_upcall = idtoname_upcall, + .cache_request = idtoname_request, .cache_parse = idtoname_parse, .cache_show = idtoname_show, .warn_no_listener = warn_no_idmapd, @@ -323,7 +324,7 @@ nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, static int nametoid_upcall(struct cache_detail *cd, struct cache_head *ch) { - return sunrpc_cache_pipe_upcall(cd, ch, nametoid_request); + return sunrpc_cache_pipe_upcall(cd, ch, cd->cache_request); } static int @@ -366,6 +367,7 @@ static struct cache_detail nametoid_cache_template = { .name = "nfs4.nametoid", .cache_put = ent_put, .cache_upcall = nametoid_upcall, + .cache_request = nametoid_request, .cache_parse = nametoid_parse, .cache_show = nametoid_show, .warn_no_listener = warn_no_idmapd, diff --git a/include/linux/sunrpc/cache.h b/include/linux/sunrpc/cache.h index 5dc9ee4d616e..4f1c8582053c 100644 --- a/include/linux/sunrpc/cache.h +++ b/include/linux/sunrpc/cache.h @@ -83,6 +83,10 @@ struct cache_detail { int (*cache_upcall)(struct cache_detail *, struct cache_head *); + void (*cache_request)(struct cache_detail *cd, + struct cache_head *ch, + char **bpp, int *blen); + int (*cache_parse)(struct cache_detail *, char *buf, int len); diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index a5b41e2ac25a..1b0df530b59d 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c @@ -184,7 +184,7 @@ static void rsi_request(struct cache_detail *cd, static int rsi_upcall(struct cache_detail *cd, struct cache_head *h) { - return sunrpc_cache_pipe_upcall(cd, h, rsi_request); + return sunrpc_cache_pipe_upcall(cd, h, cd->cache_request); } @@ -276,6 +276,7 @@ static struct cache_detail rsi_cache_template = { .name = "auth.rpcsec.init", .cache_put = rsi_put, .cache_upcall = rsi_upcall, + .cache_request = rsi_request, .cache_parse = rsi_parse, .match = rsi_match, .init = rsi_init, diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index ce34c8e5b8eb..18b8742eaa50 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c @@ -159,7 +159,7 @@ static void ip_map_request(struct cache_detail *cd, static int ip_map_upcall(struct cache_detail *cd, struct cache_head *h) { - return sunrpc_cache_pipe_upcall(cd, h, ip_map_request); + return sunrpc_cache_pipe_upcall(cd, h, cd->cache_request); } static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, struct in6_addr *addr); @@ -472,7 +472,7 @@ static void unix_gid_request(struct cache_detail *cd, static int unix_gid_upcall(struct cache_detail *cd, struct cache_head *h) { - return sunrpc_cache_pipe_upcall(cd, h, unix_gid_request); + return sunrpc_cache_pipe_upcall(cd, h, cd->cache_request); } static struct unix_gid *unix_gid_lookup(struct cache_detail *cd, uid_t uid); @@ -578,6 +578,7 @@ static struct cache_detail unix_gid_cache_template = { .name = "auth.unix.gid", .cache_put = unix_gid_put, .cache_upcall = unix_gid_upcall, + .cache_request = unix_gid_request, .cache_parse = unix_gid_parse, .cache_show = unix_gid_show, .match = unix_gid_match, @@ -875,6 +876,7 @@ static struct cache_detail ip_map_cache_template = { .name = "auth.unix.ip", .cache_put = ip_map_put, .cache_upcall = ip_map_upcall, + .cache_request = ip_map_request, .cache_parse = ip_map_parse, .cache_show = ip_map_show, .match = ip_map_match, -- cgit v1.2.3 From 2d4383383b0b04ca380b67aa2d7397d0b399dcbf Mon Sep 17 00:00:00 2001 From: Stanislav Kinsbursky Date: Mon, 4 Feb 2013 14:02:50 +0300 Subject: SUNRPC: rework cache upcall logic For most of SUNRPC caches (except NFS DNS cache) cache_detail->cache_upcall is redundant since all that it's implementations are doing is calling sunrpc_cache_pipe_upcall() with proper function address argument. Cache request function address is now stored on cache_detail structure and thus all the code can be simplified. Now, for those cache details, which doesn't have cache_upcall callback (the only one, which still has is nfs_dns_resolve_template) sunrpc_cache_pipe_upcall will be called instead. Signed-off-by: Stanislav Kinsbursky Signed-off-by: J. Bruce Fields --- fs/nfsd/export.c | 12 ------------ fs/nfsd/nfs4idmap.c | 14 -------------- net/sunrpc/auth_gss/svcauth_gss.c | 7 ------- net/sunrpc/cache.c | 11 +++++++---- net/sunrpc/svcauth_unix.c | 12 ------------ 5 files changed, 7 insertions(+), 49 deletions(-) (limited to 'fs/nfsd/export.c') diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index 0e16c7fa6800..15ebf91982b0 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -67,11 +67,6 @@ static void expkey_request(struct cache_detail *cd, (*bpp)[-1] = '\n'; } -static int expkey_upcall(struct cache_detail *cd, struct cache_head *h) -{ - return sunrpc_cache_pipe_upcall(cd, h, cd->cache_request); -} - static struct svc_expkey *svc_expkey_update(struct cache_detail *cd, struct svc_expkey *new, struct svc_expkey *old); static struct svc_expkey *svc_expkey_lookup(struct cache_detail *cd, struct svc_expkey *); @@ -245,7 +240,6 @@ static struct cache_detail svc_expkey_cache_template = { .hash_size = EXPKEY_HASHMAX, .name = "nfsd.fh", .cache_put = expkey_put, - .cache_upcall = expkey_upcall, .cache_request = expkey_request, .cache_parse = expkey_parse, .cache_show = expkey_show, @@ -339,11 +333,6 @@ static void svc_export_request(struct cache_detail *cd, (*bpp)[-1] = '\n'; } -static int svc_export_upcall(struct cache_detail *cd, struct cache_head *h) -{ - return sunrpc_cache_pipe_upcall(cd, h, cd->cache_request); -} - static struct svc_export *svc_export_update(struct svc_export *new, struct svc_export *old); static struct svc_export *svc_export_lookup(struct svc_export *); @@ -714,7 +703,6 @@ static struct cache_detail svc_export_cache_template = { .hash_size = EXPORT_HASHMAX, .name = "nfsd.export", .cache_put = svc_export_put, - .cache_upcall = svc_export_upcall, .cache_request = svc_export_request, .cache_parse = svc_export_parse, .cache_show = svc_export_show, diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c index 9033dfde1812..d9402ea9d751 100644 --- a/fs/nfsd/nfs4idmap.c +++ b/fs/nfsd/nfs4idmap.c @@ -139,12 +139,6 @@ idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, (*bpp)[-1] = '\n'; } -static int -idtoname_upcall(struct cache_detail *cd, struct cache_head *ch) -{ - return sunrpc_cache_pipe_upcall(cd, ch, cd->cache_request); -} - static int idtoname_match(struct cache_head *ca, struct cache_head *cb) { @@ -192,7 +186,6 @@ static struct cache_detail idtoname_cache_template = { .hash_size = ENT_HASHMAX, .name = "nfs4.idtoname", .cache_put = ent_put, - .cache_upcall = idtoname_upcall, .cache_request = idtoname_request, .cache_parse = idtoname_parse, .cache_show = idtoname_show, @@ -321,12 +314,6 @@ nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, (*bpp)[-1] = '\n'; } -static int -nametoid_upcall(struct cache_detail *cd, struct cache_head *ch) -{ - return sunrpc_cache_pipe_upcall(cd, ch, cd->cache_request); -} - static int nametoid_match(struct cache_head *ca, struct cache_head *cb) { @@ -366,7 +353,6 @@ static struct cache_detail nametoid_cache_template = { .hash_size = ENT_HASHMAX, .name = "nfs4.nametoid", .cache_put = ent_put, - .cache_upcall = nametoid_upcall, .cache_request = nametoid_request, .cache_parse = nametoid_parse, .cache_show = nametoid_show, diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index 1b0df530b59d..eb2b1f74d054 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c @@ -182,12 +182,6 @@ static void rsi_request(struct cache_detail *cd, (*bpp)[-1] = '\n'; } -static int rsi_upcall(struct cache_detail *cd, struct cache_head *h) -{ - return sunrpc_cache_pipe_upcall(cd, h, cd->cache_request); -} - - static int rsi_parse(struct cache_detail *cd, char *mesg, int mlen) { @@ -275,7 +269,6 @@ static struct cache_detail rsi_cache_template = { .hash_size = RSI_HASHMAX, .name = "auth.rpcsec.init", .cache_put = rsi_put, - .cache_upcall = rsi_upcall, .cache_request = rsi_request, .cache_parse = rsi_parse, .match = rsi_match, diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c index 9f8470353362..51853d8ed0bc 100644 --- a/net/sunrpc/cache.c +++ b/net/sunrpc/cache.c @@ -196,9 +196,9 @@ EXPORT_SYMBOL_GPL(sunrpc_cache_update); static int cache_make_upcall(struct cache_detail *cd, struct cache_head *h) { - if (!cd->cache_upcall) - return -EINVAL; - return cd->cache_upcall(cd, h); + if (cd->cache_upcall) + return cd->cache_upcall(cd, h); + return sunrpc_cache_pipe_upcall(cd, h, cd->cache_request); } static inline int cache_is_valid(struct cache_detail *detail, struct cache_head *h) @@ -1152,6 +1152,9 @@ int sunrpc_cache_pipe_upcall(struct cache_detail *detail, struct cache_head *h, char *bp; int len; + if (!detail->cache_request) + return -EINVAL; + if (!cache_listeners_exist(detail)) { warn_no_listener(detail); return -EINVAL; @@ -1605,7 +1608,7 @@ static int create_cache_proc_entries(struct cache_detail *cd, struct net *net) if (p == NULL) goto out_nomem; - if (cd->cache_upcall || cd->cache_parse) { + if (cd->cache_request || cd->cache_parse) { p = proc_create_data("channel", S_IFREG|S_IRUSR|S_IWUSR, cd->u.procfs.proc_ent, &cache_file_operations_procfs, cd); diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index 18b8742eaa50..5085804ec8a7 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c @@ -157,11 +157,6 @@ static void ip_map_request(struct cache_detail *cd, (*bpp)[-1] = '\n'; } -static int ip_map_upcall(struct cache_detail *cd, struct cache_head *h) -{ - return sunrpc_cache_pipe_upcall(cd, h, cd->cache_request); -} - static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, struct in6_addr *addr); static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, struct unix_domain *udom, time_t expiry); @@ -470,11 +465,6 @@ static void unix_gid_request(struct cache_detail *cd, (*bpp)[-1] = '\n'; } -static int unix_gid_upcall(struct cache_detail *cd, struct cache_head *h) -{ - return sunrpc_cache_pipe_upcall(cd, h, cd->cache_request); -} - static struct unix_gid *unix_gid_lookup(struct cache_detail *cd, uid_t uid); static int unix_gid_parse(struct cache_detail *cd, @@ -577,7 +567,6 @@ static struct cache_detail unix_gid_cache_template = { .hash_size = GID_HASHMAX, .name = "auth.unix.gid", .cache_put = unix_gid_put, - .cache_upcall = unix_gid_upcall, .cache_request = unix_gid_request, .cache_parse = unix_gid_parse, .cache_show = unix_gid_show, @@ -875,7 +864,6 @@ static struct cache_detail ip_map_cache_template = { .hash_size = IP_HASHMAX, .name = "auth.unix.ip", .cache_put = ip_map_put, - .cache_upcall = ip_map_upcall, .cache_request = ip_map_request, .cache_parse = ip_map_parse, .cache_show = ip_map_show, -- cgit v1.2.3