| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20131211171819.GB8078@phenom.dumpdata.com> Date: Wed, 11 Dec 2013 12:18:19 -0500 From: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com> To: Mike Christie <michaelc@...wisc.edu> Cc: Ethan Zhao <ethan.kernel@...il.com>, pjones@...hat.com, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] [SCSI] iscsi_boot_sysfs: Fix a memory leak in iscsi_boot_destroy_kset() On Tue, Dec 10, 2013 at 12:46:36PM -0600, Mike Christie wrote: > On 12/10/13 8:11 AM, Konrad Rzeszutek Wilk wrote: > >Ethan Zhao <ethan.kernel@...il.com> wrote: > >>Konrad, > >> > >>boot_kset was allocated when module loaded by > >>ibft_init() > >> iscsi_boot_create_kset() > >> kzalloc() > >> > >>but wasn't freed when module unloaded by > >>ibft_exit() > >> ibft_cleanup() > >> iscsi_boot_destroy_kset() > >> > >>Thanks, > >>Ethan > >> > >>On Tue, Dec 10, 2013 at 5:30 AM, Konrad Rzeszutek Wilk > >><konrad.wilk@...cle.com> wrote: > >>>On Mon, Dec 09, 2013 at 05:37:11PM +0800, Ethan Zhao wrote: > >>>>From: "Ethan Zhao" <ethan.kernel@...il.com> > >>>> > >>>>Load and unload iscsi_ibft module will cause kernel memory leak, fix > >>it > >>>>in scsi/iscsi_boot_sysfs.c iscsi_boot_destroy_kset(). > >>>> > >>> > >>>Is there a stack trace? > >>>>Signed-off-by: Ethan Zhao <ethan.kernel@...il.com> > >>>>--- > >>>> drivers/scsi/iscsi_boot_sysfs.c | 1 + > >>>> 1 file changed, 1 insertion(+) > >>>> > >>>>diff --git a/drivers/scsi/iscsi_boot_sysfs.c > >>b/drivers/scsi/iscsi_boot_sysfs.c > >>>>index 14c1c8f..680bf6f 100644 > >>>>--- a/drivers/scsi/iscsi_boot_sysfs.c > >>>>+++ b/drivers/scsi/iscsi_boot_sysfs.c > >>>>@@ -490,5 +490,6 @@ void iscsi_boot_destroy_kset(struct > >>iscsi_boot_kset *boot_kset) > >>>> iscsi_boot_remove_kobj(boot_kobj); > >>>> > >>>> kset_unregister(boot_kset->kset); > >>>>+ kfree(boot_kset); > >>>> } > >>>> EXPORT_SYMBOL_GPL(iscsi_boot_destroy_kset); > >>>>-- > >>>>1.8.3.4 (Apple Git-47) > >>>> > > > >Right. In the past we did not do that b/c certain drivers (like broadcom) would allocate on the kset their name and try to free (the driver would after freeing the ibft). So you would end up with this patch a double free ( and it might be fixed by now but I can't recall). > > > > Do you mean the name string that is passed into kset_create_and_add? Yes. > If so that should not happen now. There does not seem to be any user > freeing that string. > > There used to be bug where at the initiator/target/ethernet level > there was a double free because iscsi_boot_sysfs and be2iscsi were > both freeing the struct associated with the > initiator/target/ethernet. That is fixed in > f457a46f179df41b0f6d80dee33b6e629945f276. That is the one! > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists