54f9247b3f
I have been investigating a module reference count leak on the server for rpcsec_gss_krb5.ko. It turns out the problem is a reference count leak for the security context in net/sunrpc/auth_gss/svcauth_gss.c. The problem is that gss_write_init_verf() calls gss_svc_searchbyctx() which does a rsc_lookup() but never releases the reference to the context. There is another issue that rpc.svcgssd sets an "end of time" expiration for the context By adding a cache_put() call in gss_svc_searchbyctx(), and setting an expiration timeout in the downcall, cache_clean() does clean up the context and the module reference count now goes to zero after unmount. I also verified that if the context expires and then the client makes a new request, a new context is established. Here is the patch to fix the kernel, I will start a separate thread to discuss what expiration time should be set by rpc.svcgssd. Acked-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|---|---|---|
| .. | ||
| auth_gss | ||
| auth_null.c | ||
| auth_unix.c | ||
| auth.c | ||
| cache.c | ||
| clnt.c | ||
| Makefile | ||
| rpc_pipe.c | ||
| rpcb_clnt.c | ||
| sched.c | ||
| socklib.c | ||
| stats.c | ||
| sunrpc_syms.c | ||
| svc.c | ||
| svcauth_unix.c | ||
| svcauth.c | ||
| svcsock.c | ||
| sysctl.c | ||
| timer.c | ||
| xdr.c | ||
| xprt.c | ||
| xprtsock.c | ||