| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <52A7618C.3050308@cs.wisc.edu> Date: Tue, 10 Dec 2013 12:46:36 -0600 From: Mike Christie <michaelc@...wisc.edu> To: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com> CC: Ethan Zhao <ethan.kernel@...il.com>, pjones@...hat.com, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] [SCSI] iscsi_boot_sysfs: Fix a memory leak in iscsi_boot_destroy_kset() On 12/10/13 8:11 AM, Konrad Rzeszutek Wilk wrote: > Ethan Zhao <ethan.kernel@...il.com> wrote: >> Konrad, >> >> boot_kset was allocated when module loaded by >> ibft_init() >> iscsi_boot_create_kset() >> kzalloc() >> >> but wasn't freed when module unloaded by >> ibft_exit() >> ibft_cleanup() >> iscsi_boot_destroy_kset() >> >> Thanks, >> Ethan >> >> On Tue, Dec 10, 2013 at 5:30 AM, Konrad Rzeszutek Wilk >> <konrad.wilk@...cle.com> wrote: >>> On Mon, Dec 09, 2013 at 05:37:11PM +0800, Ethan Zhao wrote: >>>> From: "Ethan Zhao" <ethan.kernel@...il.com> >>>> >>>> Load and unload iscsi_ibft module will cause kernel memory leak, fix >> it >>>> in scsi/iscsi_boot_sysfs.c iscsi_boot_destroy_kset(). >>>> >>> >>> Is there a stack trace? >>>> Signed-off-by: Ethan Zhao <ethan.kernel@...il.com> >>>> --- >>>> drivers/scsi/iscsi_boot_sysfs.c | 1 + >>>> 1 file changed, 1 insertion(+) >>>> >>>> diff --git a/drivers/scsi/iscsi_boot_sysfs.c >> b/drivers/scsi/iscsi_boot_sysfs.c >>>> index 14c1c8f..680bf6f 100644 >>>> --- a/drivers/scsi/iscsi_boot_sysfs.c >>>> +++ b/drivers/scsi/iscsi_boot_sysfs.c >>>> @@ -490,5 +490,6 @@ void iscsi_boot_destroy_kset(struct >> iscsi_boot_kset *boot_kset) >>>> iscsi_boot_remove_kobj(boot_kobj); >>>> >>>> kset_unregister(boot_kset->kset); >>>> + kfree(boot_kset); >>>> } >>>> EXPORT_SYMBOL_GPL(iscsi_boot_destroy_kset); >>>> -- >>>> 1.8.3.4 (Apple Git-47) >>>> > > Right. In the past we did not do that b/c certain drivers (like broadcom) would allocate on the kset their name and try to free (the driver would after freeing the ibft). So you would end up with this patch a double free ( and it might be fixed by now but I can't recall). > Do you mean the name string that is passed into kset_create_and_add? If so that should not happen now. There does not seem to be any user freeing that string. There used to be bug where at the initiator/target/ethernet level there was a double free because iscsi_boot_sysfs and be2iscsi were both freeing the struct associated with the initiator/target/ethernet. That is fixed in f457a46f179df41b0f6d80dee33b6e629945f276. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists