首页 发现 帮助
登录
GfA
/
linux_kernel
5
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

SUNRPC: Fix a memory leak in call_encode()

If we retransmit an RPC request, we currently end up clobbering the
value of req->rq_rcv_buf.bvec that was allocated by the initial call to
xprt_request_prepare(req).

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Trond Myklebust 6 年之前
父节点
8dae5398ab
当前提交
71700bb960
共有 3 个文件被更改,包括 3 次插入1 次删除
分列视图 显示文件统计
  1. 0 1
      include/linux/sunrpc/xdr.h
  2. 1 0
      net/sunrpc/clnt.c
  3. 2 0
      net/sunrpc/xprt.c

+ 0 - 1
include/linux/sunrpc/xdr.h
查看文件 

@@ -72,7 +72,6 @@ xdr_buf_init(struct xdr_buf *buf, void *start, size_t len)
 
 	buf->head[0].iov_base = start;
 
 	buf->head[0].iov_len = len;
 
 	buf->tail[0].iov_len = 0;
 
-	buf->bvec = NULL;
 
 	buf->pages = NULL;
 
 	buf->page_len = 0;
 
 	buf->flags = 0;

+ 1 - 0
net/sunrpc/clnt.c
查看文件 

@@ -2309,6 +2309,7 @@ out_retry:
 
 	task->tk_status = 0;
 
 	/* Note: rpc_verify_header() may have freed the RPC slot */
 
 	if (task->tk_rqstp == req) {
 
+		xdr_free_bvec(&req->rq_rcv_buf);
 
 		req->rq_reply_bytes_recvd = req->rq_rcv_buf.len = 0;
 
 		if (task->tk_client->cl_discrtry)
 
 			xprt_conditional_disconnect(req->rq_xprt,

+ 2 - 0
net/sunrpc/xprt.c
查看文件 

@@ -1623,6 +1623,8 @@ xprt_request_init(struct rpc_task *task)
 
 	req->rq_snd_buf.buflen = 0;
 
 	req->rq_rcv_buf.len = 0;
 
 	req->rq_rcv_buf.buflen = 0;
 
+	req->rq_snd_buf.bvec = NULL;
 
+	req->rq_rcv_buf.bvec = NULL;
 
 	req->rq_release_snd_buf = NULL;
 
 	xprt_reset_majortimeo(req);
 
 	dprintk("RPC: %5u reserved req %p xid %08x\n", task->tk_pid,