| Message ID | 20231226072021.3550114-1-alexious@zju.edu.cn (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] SUNRPC: fix some memleaks in gssx_dec_option_array | expand |
Hi Zhipeng, kernel test robot noticed the following build warnings: [auto build test WARNING on trondmy-nfs/linux-next] [also build test WARNING on linus/master v6.7-rc7 next-20231222] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Zhipeng-Lu/SUNRPC-fix-some-memleaks-in-gssx_dec_option_array/20231226-152422 base: git://git.linux-nfs.org/projects/trondmy/linux-nfs.git linux-next patch link: https://lore.kernel.org/r/20231226072021.3550114-1-alexious%40zju.edu.cn patch subject: [PATCH] [v2] SUNRPC: fix some memleaks in gssx_dec_option_array config: i386-randconfig-012-20231226 (https://download.01.org/0day-ci/archive/20231226/202312262220.LMUasLov-lkp@intel.com/config) compiler: ClangBuiltLinux clang version 17.0.6 (https://github.com/llvm/llvm-project 6009708b4367171ccdbf4b5905cb6a803753fe18) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231226/202312262220.LMUasLov-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202312262220.LMUasLov-lkp@intel.com/ All warnings (new ones prefixed by >>): >> net/sunrpc/auth_gss/gss_rpc_xdr.c:301:1: warning: unused label 'err' [-Wunused-label] 301 | err: | ^~~~ 1 warning generated. vim +/err +301 net/sunrpc/auth_gss/gss_rpc_xdr.c 228 229 static int gssx_dec_option_array(struct xdr_stream *xdr, 230 struct gssx_option_array *oa) 231 { 232 struct svc_cred *creds; 233 u32 count, i; 234 __be32 *p; 235 int err; 236 237 p = xdr_inline_decode(xdr, 4); 238 if (unlikely(p == NULL)) 239 return -ENOSPC; 240 count = be32_to_cpup(p++); 241 if (!count) 242 return 0; 243 244 /* we recognize only 1 currently: CREDS_VALUE */ 245 oa->count = 1; 246 247 oa->data = kmalloc(sizeof(struct gssx_option), GFP_KERNEL); 248 if (!oa->data) 249 return -ENOMEM; 250 251 creds = kzalloc(sizeof(struct svc_cred), GFP_KERNEL); 252 if (!creds) { 253 err = -ENOMEM; 254 goto free_oa; 255 } 256 257 oa->data[0].option.data = CREDS_VALUE; 258 oa->data[0].option.len = sizeof(CREDS_VALUE); 259 oa->data[0].value.data = (void *)creds; 260 oa->data[0].value.len = 0; 261 262 for (i = 0; i < count; i++) { 263 gssx_buffer dummy = { 0, NULL }; 264 u32 length; 265 266 /* option buffer */ 267 p = xdr_inline_decode(xdr, 4); 268 if (unlikely(p == NULL)) { 269 err = -ENOSPC; 270 goto free_creds; 271 } 272 273 length = be32_to_cpup(p); 274 p = xdr_inline_decode(xdr, length); 275 if (unlikely(p == NULL)) { 276 err = -ENOSPC; 277 goto free_creds; 278 } 279 280 if (length == sizeof(CREDS_VALUE) && 281 memcmp(p, CREDS_VALUE, sizeof(CREDS_VALUE)) == 0) { 282 /* We have creds here. parse them */ 283 err = gssx_dec_linux_creds(xdr, creds); 284 if (err) 285 goto free_creds; 286 oa->data[0].value.len = 1; /* presence */ 287 } else { 288 /* consume uninteresting buffer */ 289 err = gssx_dec_buffer(xdr, &dummy); 290 if (err) 291 goto free_creds; 292 } 293 } 294 return 0; 295 296 free_creds: 297 kfree(creds); 298 free_oa: 299 kfree(oa->data); 300 oa->data = NULL; > 301 err: 302 return err; 303 } 304
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c index d79f12c2550a..c69f5abf696e 100644 --- a/net/sunrpc/auth_gss/gss_rpc_xdr.c +++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c @@ -250,8 +250,8 @@ static int gssx_dec_option_array(struct xdr_stream *xdr, creds = kzalloc(sizeof(struct svc_cred), GFP_KERNEL); if (!creds) { - kfree(oa->data); - return -ENOMEM; + err = -ENOMEM; + goto free_oa; } oa->data[0].option.data = CREDS_VALUE; @@ -265,29 +265,41 @@ static int gssx_dec_option_array(struct xdr_stream *xdr, /* option buffer */ p = xdr_inline_decode(xdr, 4); - if (unlikely(p == NULL)) - return -ENOSPC; + if (unlikely(p == NULL)) { + err = -ENOSPC; + goto free_creds; + } length = be32_to_cpup(p); p = xdr_inline_decode(xdr, length); - if (unlikely(p == NULL)) - return -ENOSPC; + if (unlikely(p == NULL)) { + err = -ENOSPC; + goto free_creds; + } if (length == sizeof(CREDS_VALUE) && memcmp(p, CREDS_VALUE, sizeof(CREDS_VALUE)) == 0) { /* We have creds here. parse them */ err = gssx_dec_linux_creds(xdr, creds); if (err) - return err; + goto free_creds; oa->data[0].value.len = 1; /* presence */ } else { /* consume uninteresting buffer */ err = gssx_dec_buffer(xdr, &dummy); if (err) - return err; + goto free_creds; } } return 0; + +free_creds: + kfree(creds); +free_oa: + kfree(oa->data); + oa->data = NULL; +err: + return err; } static int gssx_dec_status(struct xdr_stream *xdr,
The creds and oa->data need to be freed in the error-handling paths after there allocation. So this patch add these deallocations in the corresponding paths. Fixes: 1d658336b05f ("SUNRPC: Add RPC based upcall mechanism for RPCGSS auth") Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn> --- Changelog: v2: correct some syntactic problems. --- net/sunrpc/auth_gss/gss_rpc_xdr.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-)