lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Fri, 29 Apr 2022 14:58:54 +0900
From:   Jinyoung CHOI <j-young.choi@...sung.com>
To:     "axboe@...nel.dk" <axboe@...nel.dk>,
        "linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:     "hch@...radead.org" <hch@...radead.org>
Subject: [RESEND PATCH v2] block-map: added error handling for
 bio_copy_kern()

When new pages are allocated to bio through alloc_page() in
bio_copy_kern(), the pages must be freed in error handling after that.

There is little chance of an error occurring in blk_rq_append_bio(), but
in the code flow, pages additionally allocated to bio must be released.

V2:
	- replace int with bool

Reviewed-by: Christoph Hellwig <hch@....de>
Signed-off-by: Jinyoung Choi <j-young.choi@...sung.com>
---
 block/blk-map.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/block/blk-map.c b/block/blk-map.c
index df8b066cd548..613990fa87e1 100644
--- a/block/blk-map.c
+++ b/block/blk-map.c
@@ -637,6 +637,7 @@ int blk_rq_map_kern(struct request_queue *q, struct request *rq, void *kbuf,
 	int reading = rq_data_dir(rq) == READ;
 	unsigned long addr = (unsigned long) kbuf;
 	struct bio *bio;
+	bool do_copy;
 	int ret;
 
 	if (len > (queue_max_hw_sectors(q) << 9))
@@ -644,8 +645,9 @@ int blk_rq_map_kern(struct request_queue *q, struct request *rq, void *kbuf,
 	if (!len || !kbuf)
 		return -EINVAL;
 
-	if (!blk_rq_aligned(q, addr, len) || object_is_on_stack(kbuf) ||
-	    blk_queue_may_bounce(q))
+	do_copy = !blk_rq_aligned(q, addr, len) || object_is_on_stack(kbuf) ||
+		blk_queue_may_bounce(q);
+	if (do_copy)
 		bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading);
 	else
 		bio = bio_map_kern(q, kbuf, len, gfp_mask);
@@ -658,6 +660,8 @@ int blk_rq_map_kern(struct request_queue *q, struct request *rq, void *kbuf,
 
 	ret = blk_rq_append_bio(rq, bio);
 	if (unlikely(ret)) {
+		if (do_copy)
+			bio_free_pages(bio);
 		bio_uninit(bio);
 		kfree(bio);
 	}
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ