Re: [PATCH] SUNRPC: Fix potential memory leak in xs_udp_send_request()
From: Trond Myklebust
Date: Wed Sep 07 2022 - 09:30:45 EST
On Wed, 2022-09-07 at 06:08 -0400, Jeff Layton wrote:
> On Wed, 2022-09-07 at 15:13 +0800, Jianglei Nie wrote:
> > xs_udp_send_request() allocates a memory chunk for xdr->bvec with
> > xdr_alloc_bvec(). When xprt_sock_sendmsg() finishs, xdr->bvec is
> > not
> > released, which will lead to a memory leak.
> >
> > we should release the xdr->bvec with xdr_free_bvec() after
> > xprt_sock_sendmsg() like bc_sendto() does.
> >
> > Signed-off-by: Jianglei Nie <niejianglei2021@xxxxxxx>
> > ---
> > net/sunrpc/xprtsock.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> > index e976007f4fd0..298182a3c168 100644
> > --- a/net/sunrpc/xprtsock.c
> > +++ b/net/sunrpc/xprtsock.c
> > @@ -958,6 +958,7 @@ static int xs_udp_send_request(struct rpc_rqst
> > *req)
> > return status;
> > req->rq_xtime = ktime_get();
> > status = xprt_sock_sendmsg(transport->sock, &msg, xdr, 0,
> > 0, &sent);
> > + xdr_free_bvec(xdr);
> >
> > dprintk("RPC: xs_udp_send_request(%u) = %d\n",
> > xdr->len, status);
>
> I think you're probably correct here.
>
> I was thinking we might have a similar bug in svc_tcp_sendmsg, but it
> looks like that one gets freed in svc_tcp_sendto.
>
> Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
No, this patch is unnecessary and won't be applied. We already do this
for all transports in xprt_request_dequeue_transmit().
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@xxxxxxxxxxxxxxx