lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <alpine.LNX.2.00.1204122102250.4802@kai.makisara.local>
Date:	Thu, 12 Apr 2012 21:08:09 +0300 (EEST)
From:	Kai Makisara <Kai.Makisara@...umbus.fi>
To:	David Jeffery <dhjeffery@...il.com>
cc:	linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] scsi: memory leak with 1MB tape I/O

On Wed, 11 Apr 2012, David Jeffery wrote:

> There is a memory leak in the st driver when sending large enough reads or
> writes using st's direct I/O path.  As part of mapping the application's
> memory, a buffer to hold page pointers is allocated and the count of mapped
> pages is stored in field do_dio.  A non-zero do_dio marks that direct I/O is
> in use.
> 
> But do_dio is only 1 byte in size.  Mapping 256 4k pages overflows
> do_dio and causes it to be set to 0, like direct I/O option was not
> used.  When the I/O completes, the buffer to hold the page pointers is
> not freed, and the page counts of the mapped pages are not reduced.
> Every I/O of this size then leaks memory.
> 
> The size of do_dio needs to be increased to prevent it wrapping around.
> 
> signed-off-by: David Jeffery <djeffery@...hat.com>
> ---
> 
> --- a/drivers/scsi/st.h	2012-04-10 13:21:30.000000000 -0400
> +++ b/drivers/scsi/st.h	2012-04-10 14:55:43.000000000 -0400
> @@ -35,8 +35,8 @@
>  /* The tape buffer descriptor. */
>  struct st_buffer {
>  	unsigned char dma;	/* DMA-able buffer */
> -	unsigned char do_dio;   /* direct i/o set up? */
>  	unsigned char cleared;  /* internal buffer cleared after open? */
> +	unsigned short do_dio;  /* direct i/o set up? */
>  	int buffer_size;
>  	int buffer_blocks;
>  	int buffer_bytes;

Acked-by: Kai Mäkisara <kai.makisara@...umbus.fi>

Thanks,
Kai

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ