lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4e2e03e4-b5ed-e16a-e7a0-0900afb23042@kernel.dk>
Date:   Thu, 19 Dec 2019 05:45:32 -0700
From:   Jens Axboe <axboe@...nel.dk>
To:     Yang Yingliang <yangyingliang@...wei.com>
Cc:     linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] block: fix memleak when __blk_rq_map_user_iov() is failed

On 12/18/19 1:44 AM, Yang Yingliang wrote:
> When I doing fuzzy test, get the memleak report:
> 
> BUG: memory leak
> unreferenced object 0xffff88837af80000 (size 4096):
>   comm "memleak", pid 3557, jiffies 4294817681 (age 112.499s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     20 00 00 00 10 01 00 00 00 00 00 00 01 00 00 00   ...............
>   backtrace:
>     [<000000001c894df8>] bio_alloc_bioset+0x393/0x590
>     [<000000008b139a3c>] bio_copy_user_iov+0x300/0xcd0
>     [<00000000a998bd8c>] blk_rq_map_user_iov+0x2f1/0x5f0
>     [<000000005ceb7f05>] blk_rq_map_user+0xf2/0x160
>     [<000000006454da92>] sg_common_write.isra.21+0x1094/0x1870
>     [<00000000064bb208>] sg_write.part.25+0x5d9/0x950
>     [<000000004fc670f6>] sg_write+0x5f/0x8c
>     [<00000000b0d05c7b>] __vfs_write+0x7c/0x100
>     [<000000008e177714>] vfs_write+0x1c3/0x500
>     [<0000000087d23f34>] ksys_write+0xf9/0x200
>     [<000000002c8dbc9d>] do_syscall_64+0x9f/0x4f0
>     [<00000000678d8e9a>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
> 
> If __blk_rq_map_user_iov() is failed in blk_rq_map_user_iov(),
> the bio(s) which is allocated before this failing will leak. The
> refcount of the bio(s) is init to 1 and increased to 2 by calling
> bio_get(), but __blk_rq_unmap_user() only decrease it to 1, so
> the bio cannot be freed. Fix it by calling blk_rq_unmap_user().

Applied, thanks.

-- 
Jens Axboe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ