lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4F85ADE1.30803@gmail.com>
Date:	Wed, 11 Apr 2012 12:14:25 -0400
From:	David Jeffery <dhjeffery@...il.com>
To:	linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] scsi: memory leak with 1MB tape I/O

There is a memory leak in the st driver when sending large enough reads or
writes using st's direct I/O path.  As part of mapping the application's
memory, a buffer to hold page pointers is allocated and the count of mapped
pages is stored in field do_dio.  A non-zero do_dio marks that direct I/O is
in use.

But do_dio is only 1 byte in size.  Mapping 256 4k pages overflows
do_dio and causes it to be set to 0, like direct I/O option was not
used.  When the I/O completes, the buffer to hold the page pointers is
not freed, and the page counts of the mapped pages are not reduced.
Every I/O of this size then leaks memory.

The size of do_dio needs to be increased to prevent it wrapping around.

signed-off-by: David Jeffery <djeffery@...hat.com>
---

--- a/drivers/scsi/st.h	2012-04-10 13:21:30.000000000 -0400
+++ b/drivers/scsi/st.h	2012-04-10 14:55:43.000000000 -0400
@@ -35,8 +35,8 @@
 /* The tape buffer descriptor. */
 struct st_buffer {
 	unsigned char dma;	/* DMA-able buffer */
-	unsigned char do_dio;   /* direct i/o set up? */
 	unsigned char cleared;  /* internal buffer cleared after open? */
+	unsigned short do_dio;  /* direct i/o set up? */
 	int buffer_size;
 	int buffer_blocks;
 	int buffer_bytes;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ