| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Apr 2012 21:08:09 +0300 (EEST)
From: Kai Makisara <Kai.Makisara@...umbus.fi>
To: David Jeffery <dhjeffery@...il.com>
cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] scsi: memory leak with 1MB tape I/O
On Wed, 11 Apr 2012, David Jeffery wrote:
> There is a memory leak in the st driver when sending large enough reads or
> writes using st's direct I/O path. As part of mapping the application's
> memory, a buffer to hold page pointers is allocated and the count of mapped
> pages is stored in field do_dio. A non-zero do_dio marks that direct I/O is
> in use.
>
> But do_dio is only 1 byte in size. Mapping 256 4k pages overflows
> do_dio and causes it to be set to 0, like direct I/O option was not
> used. When the I/O completes, the buffer to hold the page pointers is
> not freed, and the page counts of the mapped pages are not reduced.
> Every I/O of this size then leaks memory.
>
> The size of do_dio needs to be increased to prevent it wrapping around.
>
> signed-off-by: David Jeffery <djeffery@...hat.com>
> ---
>
> --- a/drivers/scsi/st.h 2012-04-10 13:21:30.000000000 -0400
> +++ b/drivers/scsi/st.h 2012-04-10 14:55:43.000000000 -0400
> @@ -35,8 +35,8 @@
> /* The tape buffer descriptor. */
> struct st_buffer {
> unsigned char dma; /* DMA-able buffer */
> - unsigned char do_dio; /* direct i/o set up? */
> unsigned char cleared; /* internal buffer cleared after open? */
> + unsigned short do_dio; /* direct i/o set up? */
> int buffer_size;
> int buffer_blocks;
> int buffer_bytes;
Acked-by: Kai Mäkisara <kai.makisara@...umbus.fi>
Thanks,
Kai
Powered by blists - more mailing lists