Date: Fri, 29 Aug 2025 03:23:08 GMT From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: b06973a2f2a8 - stable/14 - nfsd: Fix slow leaks of NAMEI buffers Message-ID: <202508290323.57T3N8nJ065673@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=b06973a2f2a8854b4803c9a4d00dc0482be8f268 commit b06973a2f2a8854b4803c9a4d00dc0482be8f268 Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2025-08-15 19:11:08 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2025-08-29 03:20:15 +0000 nfsd: Fix slow leaks of NAMEI buffers Commit 5b5b7e2ca2fa changed namei()s behaviour such that it does not free the NAMEI buffer unless returning an error. The nfsd was not fixed for this. Fortunately, the only leak would be one NAMEI buffer each time mountd(8) reloads the exports. (There were also leaks in the pNFS server configuration, but almost no one uses it.) This patch fixes the leaks by adding NDFREE_PNBUF() macros in the appropriate places. MFC after: 2 weeks Discussed with: kib Fixes: 5b5b7e2ca2fa ("vfs: always retain path buffer after lookup") (cherry picked from commit 9cd3860c10b6afaaaeb118dafc166ab168bc9083) --- sys/fs/nfsserver/nfs_nfsdport.c | 1 + sys/fs/nfsserver/nfs_nfsdstate.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c index a4a729613038..c22d06ef0aeb 100644 --- a/sys/fs/nfsserver/nfs_nfsdport.c +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -3589,6 +3589,7 @@ nfsrv_v4rootexport(void *argp, struct ucred *cred, struct thread *p) NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, nfsexargp->fspec); if ((error = namei(&nd)) != 0) goto out; + NDFREE_PNBUF(&nd); error = nfsvno_getfh(nd.ni_vp, &fh, p); vrele(nd.ni_vp); if (!error) { diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index 0f556adb697b..cca977b31e8e 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c @@ -7724,6 +7724,7 @@ nfsrv_setdsserver(char *dspathp, char *mdspathp, NFSPROC_T *p, NFSD_DEBUG(4, "lookup=%d\n", error); if (error != 0) return (error); + NDFREE_PNBUF(&nd); if (nd.ni_vp->v_type != VDIR) { vput(nd.ni_vp); NFSD_DEBUG(4, "dspath not dir\n"); @@ -7760,6 +7761,7 @@ nfsrv_setdsserver(char *dspathp, char *mdspathp, NFSPROC_T *p, NFSD_DEBUG(4, "dsdirpath=%s lookup=%d\n", dsdirpath, error); if (error != 0) break; + NDFREE_PNBUF(&nd); if (nd.ni_vp->v_type != VDIR) { vput(nd.ni_vp); error = ENOTDIR; @@ -7788,6 +7790,7 @@ nfsrv_setdsserver(char *dspathp, char *mdspathp, NFSPROC_T *p, NFSD_DEBUG(4, "mds lookup=%d\n", error); if (error != 0) goto out; + NDFREE_PNBUF(&nd); if (nd.ni_vp->v_type != VDIR) { vput(nd.ni_vp); error = ENOTDIR; @@ -8647,6 +8650,7 @@ nfsrv_mdscopymr(char *mdspathp, char *dspathp, char *curdspathp, char *buf, NFSD_DEBUG(4, "lookup=%d\n", error); if (error != 0) return (error); + NDFREE_PNBUF(&nd); if (nd.ni_vp->v_type != VREG) { vput(nd.ni_vp); NFSD_DEBUG(4, "mdspath not reg\n"); @@ -8668,6 +8672,7 @@ nfsrv_mdscopymr(char *mdspathp, char *dspathp, char *curdspathp, char *buf, vput(vp); return (error); } + NDFREE_PNBUF(&nd); if (nd.ni_vp->v_type != VDIR) { vput(nd.ni_vp); vput(vp); @@ -8710,6 +8715,7 @@ nfsrv_mdscopymr(char *mdspathp, char *dspathp, char *curdspathp, char *buf, vput(curvp); return (error); } + NDFREE_PNBUF(&nd); if (nd.ni_vp->v_type != VDIR || nd.ni_vp == curvp) { vput(nd.ni_vp); vput(vp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202508290323.57T3N8nJ065673>