Commit:     54f9247b3f6e51b24a4b7e873b3ab34d8e59dc45
Parent:     153e44d22fb5f98198f90fbf56e89b345e48534d
Author:     Frank Filz <[EMAIL PROTECTED]>
AuthorDate: Wed May 9 02:34:53 2007 -0700
Committer:  Linus Torvalds <[EMAIL PROTECTED]>
CommitDate: Wed May 9 12:30:54 2007 -0700

    knfsd: fix resource leak resulting in module refcount leak for 
    I have been investigating a module reference count leak on the server for
    rpcsec_gss_krb5.ko.  It turns out the problem is a reference count leak for
    the security context in net/sunrpc/auth_gss/svcauth_gss.c.
    The problem is that gss_write_init_verf() calls gss_svc_searchbyctx() which
    does a rsc_lookup() but never releases the reference to the context.  There 
    another issue that rpc.svcgssd sets an "end of time" expiration for the
    By adding a cache_put() call in gss_svc_searchbyctx(), and setting an
    expiration timeout in the downcall, cache_clean() does clean up the context
    and the module reference count now goes to zero after unmount.
    I also verified that if the context expires and then the client makes a new
    request, a new context is established.
    Here is the patch to fix the kernel, I will start a separate thread to 
    what expiration time should be set by rpc.svcgssd.
    Acked-by: "J. Bruce Fields" <[EMAIL PROTECTED]>
    Signed-off-by: Frank Filz <[EMAIL PROTECTED]>
    Signed-off-by: Neil Brown <[EMAIL PROTECTED]>
    Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
 net/sunrpc/auth_gss/svcauth_gss.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/net/sunrpc/auth_gss/svcauth_gss.c 
index c678f5f..9c0508e 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -924,6 +924,7 @@ static inline int
 gss_write_init_verf(struct svc_rqst *rqstp, struct rsi *rsip)
        struct rsc *rsci;
+       int        rc;
        if (rsip->major_status != GSS_S_COMPLETE)
                return gss_write_null_verf(rqstp);
@@ -932,7 +933,9 @@ gss_write_init_verf(struct svc_rqst *rqstp, struct rsi 
                rsip->major_status = GSS_S_NO_CONTEXT;
                return gss_write_null_verf(rqstp);
-       return gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN);
+       rc = gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN);
+       cache_put(&rsci->h, &rsc_cache);
+       return rc;
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at

Reply via email to