diff mbox series

NFS: Fix sysfs server name memory leak

Message ID 6702796fee0365bf399800326bbe6c88e5f73f68.1689014440.git.bcodding@redhat.com (mailing list archive)
State New, archived
Headers show
Series NFS: Fix sysfs server name memory leak | expand

Commit Message

Benjamin Coddington July 10, 2023, 6:41 p.m. UTC 
Free the formatted server index string after it has been duplicated by
kobject_rename().

Fixes: 1c7251187dc0 ("NFS: add superblock sysfs entries")
Reported-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
---
 fs/nfs/sysfs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Ido Schimmel July 12, 2023, 12:10 p.m. UTC | #1 
On Mon, Jul 10, 2023 at 02:41:58PM -0400, Benjamin Coddington wrote:
> Free the formatted server index string after it has been duplicated by
> kobject_rename().
> 
> Fixes: 1c7251187dc0 ("NFS: add superblock sysfs entries")
> Reported-by: Alexander Aring <aahringo@redhat.com>
> Signed-off-by: Benjamin Coddington <bcodding@redhat.com>

Hit this issue as well. This patch fixes the problem.

Tested-by: Ido Schimmel <idosch@nvidia.com>

Thanks
Geert Uytterhoeven July 14, 2023, 3:20 p.m. UTC | #2 
Hi Benjamin,

On Mon, 10 Jul 2023, Benjamin Coddington wrote:
> Free the formatted server index string after it has been duplicated by
> kobject_rename().
>
> Fixes: 1c7251187dc0 ("NFS: add superblock sysfs entries")
> Reported-by: Alexander Aring <aahringo@redhat.com>
> Signed-off-by: Benjamin Coddington <bcodding@redhat.com>

Thanks!

This fixes the memory leaks I was seeing:

     # cat /sys/kernel/debug/kmemleak
     unreferenced object 0xc6d3b7c0 (size 64):
       comm "mount.nfs", pid 261, jiffies 4294943450 (age 1385.530s)
       hex dump (first 32 bytes):
 	73 65 72 76 65 72 2d 32 00 00 00 00 00 00 00 00  server-2........
 	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
       backtrace:
 	[<7849dbd6>] slab_post_alloc_hook.constprop.0+0x9c/0xac
 	[<bf2297e0>] __kmem_cache_alloc_node+0xc4/0x124
 	[<07299a52>] __kmalloc_node_track_caller+0x80/0xa4
 	[<1876b300>] kvasprintf+0x5c/0xcc
 	[<4fa40352>] kasprintf+0x28/0x58
 	[<68e29ee6>] nfs_sysfs_move_sb_to_server+0x18/0x50
 	[<6a98700b>] nfs_kill_super+0x18/0x34
 	[<d388276a>] deactivate_locked_super+0x50/0x88
 	[<3945c450>] cleanup_mnt+0x6c/0xc8
 	[<fb0ac980>] task_work_run+0x84/0xb4
 	[<d6ee2bd3>] do_work_pending+0x364/0x398
 	[<c7a0dcab>] slow_work_pending+0xc/0x20
     unreferenced object 0xc6cdd6c0 (size 64):
       comm "mount.nfs", pid 261, jiffies 4294943456 (age 1385.470s)
       hex dump (first 32 bytes):
 	73 65 72 76 65 72 2d 31 00 00 00 00 00 00 00 00  server-1........
 	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
       backtrace:
 	[<7849dbd6>] slab_post_alloc_hook.constprop.0+0x9c/0xac
 	[<bf2297e0>] __kmem_cache_alloc_node+0xc4/0x124
 	[<07299a52>] __kmalloc_node_track_caller+0x80/0xa4
 	[<1876b300>] kvasprintf+0x5c/0xcc
 	[<4fa40352>] kasprintf+0x28/0x58
 	[<68e29ee6>] nfs_sysfs_move_sb_to_server+0x18/0x50
 	[<6a98700b>] nfs_kill_super+0x18/0x34
 	[<d388276a>] deactivate_locked_super+0x50/0x88
 	[<3945c450>] cleanup_mnt+0x6c/0xc8
 	[<fb0ac980>] task_work_run+0x84/0xb4
 	[<d6ee2bd3>] do_work_pending+0x364/0x398
 	[<c7a0dcab>] slow_work_pending+0xc/0x20

Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>

> --- a/fs/nfs/sysfs.c
> +++ b/fs/nfs/sysfs.c
> @@ -345,8 +345,10 @@ void nfs_sysfs_move_sb_to_server(struct nfs_server *server)
> 	int ret = -ENOMEM;
>
> 	s = kasprintf(GFP_KERNEL, "server-%d", server->s_sysfs_id);
> -	if (s)
> +	if (s) {
> 		ret = kobject_rename(&server->kobj, s);
> +		kfree(s);
> +	}
> 	if (ret < 0)
> 		pr_warn("NFS: rename sysfs %s failed (%d)\n",
> 					server->kobj.name, ret);

Gr{oetje,eeting}s,

 						Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
 							    -- Linus Torvalds
Geert Uytterhoeven Aug. 15, 2023, 11:59 a.m. UTC | #3 
CC regressions

On Fri, Jul 14, 2023 at 5:29 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> On Mon, 10 Jul 2023, Benjamin Coddington wrote:
> > Free the formatted server index string after it has been duplicated by
> > kobject_rename().
> >
> > Fixes: 1c7251187dc0 ("NFS: add superblock sysfs entries")
> > Reported-by: Alexander Aring <aahringo@redhat.com>
> > Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
>
> Thanks!
>
> This fixes the memory leaks I was seeing:
>
>      # cat /sys/kernel/debug/kmemleak
>      unreferenced object 0xc6d3b7c0 (size 64):
>        comm "mount.nfs", pid 261, jiffies 4294943450 (age 1385.530s)
>        hex dump (first 32 bytes):
>         73 65 72 76 65 72 2d 32 00 00 00 00 00 00 00 00  server-2........
>         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>        backtrace:
>         [<7849dbd6>] slab_post_alloc_hook.constprop.0+0x9c/0xac
>         [<bf2297e0>] __kmem_cache_alloc_node+0xc4/0x124
>         [<07299a52>] __kmalloc_node_track_caller+0x80/0xa4
>         [<1876b300>] kvasprintf+0x5c/0xcc
>         [<4fa40352>] kasprintf+0x28/0x58
>         [<68e29ee6>] nfs_sysfs_move_sb_to_server+0x18/0x50
>         [<6a98700b>] nfs_kill_super+0x18/0x34
>         [<d388276a>] deactivate_locked_super+0x50/0x88
>         [<3945c450>] cleanup_mnt+0x6c/0xc8
>         [<fb0ac980>] task_work_run+0x84/0xb4
>         [<d6ee2bd3>] do_work_pending+0x364/0x398
>         [<c7a0dcab>] slow_work_pending+0xc/0x20
>      unreferenced object 0xc6cdd6c0 (size 64):
>        comm "mount.nfs", pid 261, jiffies 4294943456 (age 1385.470s)
>        hex dump (first 32 bytes):
>         73 65 72 76 65 72 2d 31 00 00 00 00 00 00 00 00  server-1........
>         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>        backtrace:
>         [<7849dbd6>] slab_post_alloc_hook.constprop.0+0x9c/0xac
>         [<bf2297e0>] __kmem_cache_alloc_node+0xc4/0x124
>         [<07299a52>] __kmalloc_node_track_caller+0x80/0xa4
>         [<1876b300>] kvasprintf+0x5c/0xcc
>         [<4fa40352>] kasprintf+0x28/0x58
>         [<68e29ee6>] nfs_sysfs_move_sb_to_server+0x18/0x50
>         [<6a98700b>] nfs_kill_super+0x18/0x34
>         [<d388276a>] deactivate_locked_super+0x50/0x88
>         [<3945c450>] cleanup_mnt+0x6c/0xc8
>         [<fb0ac980>] task_work_run+0x84/0xb4
>         [<d6ee2bd3>] do_work_pending+0x364/0x398
>         [<c7a0dcab>] slow_work_pending+0xc/0x20
>
> Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
>
> > --- a/fs/nfs/sysfs.c
> > +++ b/fs/nfs/sysfs.c
> > @@ -345,8 +345,10 @@ void nfs_sysfs_move_sb_to_server(struct nfs_server *server)
> >       int ret = -ENOMEM;
> >
> >       s = kasprintf(GFP_KERNEL, "server-%d", server->s_sysfs_id);
> > -     if (s)
> > +     if (s) {
> >               ret = kobject_rename(&server->kobj, s);
> > +             kfree(s);
> > +     }
> >       if (ret < 0)
> >               pr_warn("NFS: rename sysfs %s failed (%d)\n",
> >                                       server->kobj.name, ret);

Gr{oetje,eeting}s,

                        Geert
diff mbox series

Patch

diff --git a/fs/nfs/sysfs.c b/fs/nfs/sysfs.c
index acda8f033d30..bf378ecd5d9f 100644
--- a/fs/nfs/sysfs.c
+++ b/fs/nfs/sysfs.c
@@ -345,8 +345,10 @@  void nfs_sysfs_move_sb_to_server(struct nfs_server *server)
 	int ret = -ENOMEM;
 
 	s = kasprintf(GFP_KERNEL, "server-%d", server->s_sysfs_id);
-	if (s)
+	if (s) {
 		ret = kobject_rename(&server->kobj, s);
+		kfree(s);
+	}
 	if (ret < 0)
 		pr_warn("NFS: rename sysfs %s failed (%d)\n",
 					server->kobj.name, ret);