Message-ID: <20250704124934.1071745-1-anders.roxell@linaro.org>
Date: Fri,  4 Jul 2025 14:49:34 +0200
From: Anders Roxell <anders.roxell@...aro.org>
To: giometti@...eenne.com
Cc: linux-kernel@...r.kernel.org,
	arnd@...db.de,
	Anders Roxell <anders.roxell@...aro.org>
Subject: [PATCH] scsi: iscsi: Fix IDR memory leak in transport exit

Add missing idr_destroy() call in iscsi_transport_exit() to properly free
the iscsi_ep_idr radix tree nodes. Without this, module load/unload cycles
leak 576-byte radix tree node allocations, detectable by kmemleak as:

unreferenced object (size 576):
  backtrace:
    [<ffffffff81234567>] radix_tree_node_alloc+0xa0/0xf0
    [<ffffffff81234568>] idr_get_free+0x128/0x280

The iscsi_ep_idr is initialized via DEFINE_IDR() at line 89 and used
throughout the iSCSI transport layer for endpoint ID management with
proper mutex protection via iscsi_ep_idr_mutex. The fix follows the
documented pattern in lib/idr.c and matches the cleanup approach used
by other drivers.

This leak was discovered through comprehensive module testing with cumulative
kmemleak detection across 10 load/unload iterations per module.

Fixes: 3c6ae371b8a1 ("scsi: iscsi: Release endpoint ID when its freed")
Signed-off-by: Anders Roxell <anders.roxell@...aro.org>
---
 drivers/pps/pps.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 6a02245ea35f..25ed0d44b121 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -456,6 +456,7 @@ static void __exit pps_exit(void)
 {
 	class_destroy(pps_class);
 	__unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps");
+	idr_destroy(&pps_idr);
 }
 
 static int __init pps_init(void)
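Review bot: The added idr_destroy(&pps_idr) sits in pps_exit() in drivers/pps/pps.c, but the subject line, the commit message and the Fixes: tag all describe iscsi_transport_exit() and iscsi_ep_idr in the SCSI iSCSI transport. The description should match the code that is changed: use a "pps:" subject prefix, name pps_idr and pps_exit() in the body, drop the references to iscsi_ep_idr_mutex and "line 89" unless they apply to pps.c, and point the Fixes: tag at the commit that introduced pps_idr without a matching idr_destroy(). The quoted kmemleak backtrace should also be the output captured for the pps module unload, so that the leak report can be tied to this file.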
-- 
2.47.2

