lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 24 Jun 2020 11:07:03 +0800
From:   Peng Fan <fanpeng@...ngson.cn>
To:     Alexander Viro <viro@...iv.linux.org.uk>
Cc:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        Xuefeng Li <lixuefeng@...ngson.cn>,
        Tiezhu Yang <yangtiezhu@...ngson.cn>
Subject: [PATCH] fs/read_write.c: Fix memory leak in read_write.c

kmemleak report:
unreferenced object 0x98000002bb591d00 (size 256):
  comm "ftest03", pid 24778, jiffies 4301603810 (age 490.665s)
  hex dump (first 32 bytes):
    00 01 04 20 01 00 00 00 80 00 00 00 00 00 00 00  ... ............
    f0 02 04 20 01 00 00 00 80 00 00 00 00 00 00 00  ... ............
  backtrace:
    [<0000000050b162cb>] __kmalloc+0x234/0x438
    [<00000000491da9c7>] rw_copy_check_uvector+0x1ac/0x1f0
    [<00000000b0dddb43>] import_iovec+0x50/0xe8
    [<00000000ae843d73>] vfs_readv+0x50/0xb0
    [<00000000c7216b06>] do_readv+0x80/0x160
    [<00000000cad79c3f>] syscall_common+0x34/0x58

This is because "iov" allocated by kmalloc() is not destroyed. Under normal
circumstances, "ret_pointer" should be equal to "iov". But if the previous 
statements fails to execute, and the allocation is successful, then the
block of memory will not be released, because it is necessary to 
determine whether they are equal. So we need to change the order.

Signed-off-by: Peng Fan <fanpeng@...ngson.cn>
---
 fs/read_write.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/read_write.c b/fs/read_write.c
index bbfa9b1..aa4f7c5 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -832,8 +832,8 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
 		}
 		ret += len;
 	}
-out:
 	*ret_pointer = iov;
+out:
 	return ret;
 }
 
-- 
2.1.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ