lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 3 Feb 2016 11:40:13 +0100
From:	Gi-Oh Kim <gi-oh.kim@...fitbricks.com>
To:	Roman Pen <roman.penyaev@...fitbricks.com>
Cc:	Tejun Heo <tj@...nel.org>, Jens Axboe <axboe@...nel.dk>,
	linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/4] block: fix module reference leak on put_disk() call
 for cgroups throttle



On 01.02.2016 15:51, Roman Pen wrote:
> get_disk(),get_gendisk() calls have non explicit side effect: they
> increase the reference on the disk owner module.
>
> The following is the correct sequence how to get a disk reference and
> to put it:
>
>      disk = get_gendisk(...);
>
>      /* use disk */
>
>      owner = disk->fops->owner;
>      put_disk(disk);
>      module_put(owner);
>
> fs/block_dev.c is aware of this required module_put() call, but f.e.
> blkg_conf_finish(), which is located in block/blk-cgroup.c, does not put
> a module reference.  To see a leakage in action cgroups throttle config
> can be used.  In the following script I'm removing throttle for /dev/ram0
> (actually this is NOP, because throttle was never set for this device):
>
>      # lsmod | grep brd
>      brd                     5175  0
>      # i=100; while [ $i -gt 0 ]; do echo "1:0 0" > \
>          /sys/fs/cgroup/blkio/blkio.throttle.read_bps_device; i=$(($i - 1)); \
>      done
>      # lsmod | grep brd
>      brd                     5175  100
>
> Now brd module has 100 references.

I hope this patch would be merged into stable versions.
I've tested the patch with v3.12.45 on my server.

Before apply the patch, reference count was leaked.
# lsmod | grep loop
loop                   16091  0
# echo "7:0 1048576" > /sys/fs/cgroup/blkio/blkio.throttle.read_bps_device
# lsmod | grep loop
loop                   16091  1
# echo "7:0 1048576" > /sys/fs/cgroup/blkio/blkio.throttle.read_bps_device
# lsmod | grep loop
loop                   16091  2
# echo "7:0 1048576" > /sys/fs/cgroup/blkio/blkio.throttle.read_bps_device
# lsmod | grep loop
loop                   16091  3
# echo "7:0 1048576" > /sys/fs/cgroup/blkio/blkio.throttle.read_bps_device
# lsmod | grep loop
loop                   16091  4

After apply the patch, reference count was still:
# lsmod | grep loop
loop                   19171  0
# echo "7:0 1048576" > /sys/fs/cgroup/blkio/blkio.throttle.read_bps_device
# lsmod | grep loop
loop                   19171  0
# echo "7:0 1048576" > /sys/fs/cgroup/blkio/blkio.throttle.read_bps_device
# lsmod | grep loop
loop                   19171  0
# echo "7:0 1048576" > /sys/fs/cgroup/blkio/blkio.throttle.read_bps_device
# lsmod | grep loop
loop                   19171  0


-- 
Best regards,
Gi-Oh Kim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ