On Fri, Oct 19, 2018 at 11:28:59AM -0400, Olga Kornievskaia wrote:

> @@ -4273,6 +4337,9 @@ static __be32 nfsd4_encode_readv(struct nfsd4_compoundres *resp, > p = xdr_reserve_space(&resp->xdr, 4 + 4); > *p++ = xdr_one; /* cr_consecutive */ > *p++ = cpu_to_be32(copy->cp_synchronous); > + > + /* allocated in nfsd4_decode_copy */ > + kfree(copy->cp_src);

This can result in a leak--for example, if we decode the compound successfully, but processing fails before we could get to this op, then we'll never call this encoder, so we'll allocate without freeing.

I think simplest would be to replace this:

> diff --git a/fs/nfsd/xdr4.h b/fs/nfsd/xdr4.h > index feeb6d4..b4d1140 100644 > --- a/fs/nfsd/xdr4.h > +++ b/fs/nfsd/xdr4.h > @@ -521,6 +521,7 @@ struct nfsd4_copy { > u64 cp_src_pos; > u64 cp_dst_pos; > u64 cp_count; > + struct nl4_server *cp_src;

by just a

	struct nl4_server cp_src;

since it sounds like you really only need one of them, not a whole array (at least for now).

--b.

> > /* both */ > bool cp_synchronous; > -- > 1.8.3.1
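
Review bot: the kfree(copy->cp_src) added after the cp_synchronous word in the encoder makes the free depend on this encoder running, while the comment above it says the allocation happens in nfsd4_decode_copy, so any path that decodes the op but never encodes its reply keeps the allocation. The pointer is also left set after the free, so anything that reads copy->cp_src afterwards sees a stale address. Suggest releasing it on a path that runs for every decoded op regardless of outcome, or embedding the struct so no free is needed, and clearing cp_src to NULL if the kfree stays.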
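
Review bot: the new struct nl4_server *cp_src member in struct nfsd4_copy has no comment saying who owns it, where it is allocated and freed, or whether it may be NULL, and it sits directly above the /* both */ group without a label of its own. If it stays a pointer, document the allocate/free pairing next to the field; if only one server entry is needed, a by-value member removes the lifetime question entirely.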