| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAO8a2SiS16QFJ0mDtAW0ieuy9Nh6RjnP7-39q0oZKsVwNL=kRQ@mail.gmail.com>
Date: Thu, 28 Nov 2024 14:17:54 +0200
From: Alex Markuze <amarkuze@...hat.com>
To: Max Kellermann <max.kellermann@...os.com>
Cc: xiubli@...hat.com, idryomov@...il.com, ceph-devel@...r.kernel.org,
linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] fs/ceph/file: fix memory leaks in __ceph_sync_read()
Pages are freed in `ceph_osdc_put_request`, trying to release them
this way will end badly.
On Wed, Nov 27, 2024 at 11:20 PM Max Kellermann
<max.kellermann@...os.com> wrote:
>
> In two `break` statements, the call to ceph_release_page_vector() was
> missing, leaking the allocation from ceph_alloc_page_vector().
>
> Cc: stable@...r.kernel.org
> Signed-off-by: Max Kellermann <max.kellermann@...os.com>
> ---
> fs/ceph/file.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/ceph/file.c b/fs/ceph/file.c
> index 4b8d59ebda00..24d0f1cc9aac 100644
> --- a/fs/ceph/file.c
> +++ b/fs/ceph/file.c
> @@ -1134,6 +1134,7 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos,
> extent_cnt = __ceph_sparse_read_ext_count(inode, read_len);
> ret = ceph_alloc_sparse_ext_map(op, extent_cnt);
> if (ret) {
> + ceph_release_page_vector(pages, num_pages);
> ceph_osdc_put_request(req);
> break;
> }
> @@ -1168,6 +1169,7 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos,
> op->extent.sparse_ext_cnt);
> if (fret < 0) {
> ret = fret;
> + ceph_release_page_vector(pages, num_pages);
> ceph_osdc_put_request(req);
> break;
> }
> --
> 2.45.2
>
Powered by blists - more mailing lists