lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aTHLHGtXXrtDumEy@kbusch-mbp>
Date: Thu, 4 Dec 2025 10:55:40 -0700
From: Keith Busch <kbusch@...nel.org>
To: shaurya <ssranevjti@...il.com>
Cc: syzbot+527a7e48a3d3d315d862@...kaller.appspotmail.com,
	linux-block@...r.kernel.org, linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [block?] [udf?] memory leak in __blkdev_issue_zero_pages

On Thu, Dec 04, 2025 at 09:42:38PM +0530, shaurya wrote:
> Move the fatal signal check before bio_alloc() to prevent a memory
> leak when BLKDEV_ZERO_KILLABLE is set and a fatal signal is pending.
> 
> Previously, the bio was allocated before checking for a fatal signal.
> If a signal was pending, the code would break out of the loop without
> freeing or chaining the just-allocated bio, causing a memory leak.
> 
> This matches the pattern already used in __blkdev_issue_write_zeroes()
> where the signal check precedes the allocation.
> 
> Signed-off-by: Shaurya Rane <ssrane_b23@...vjti.ac.in>

Looks good.

Reviewed-by: Keith Busch <kbusch@...nel.org>

> ---
>  block/blk-lib.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/block/blk-lib.c b/block/blk-lib.c
> index 3030a772d3aa..352e3c0f8a7d 100644
> --- a/block/blk-lib.c
> +++ b/block/blk-lib.c
> @@ -202,13 +202,13 @@ static void __blkdev_issue_zero_pages(struct block_device *bdev,
>  		unsigned int nr_vecs = __blkdev_sectors_to_bio_pages(nr_sects);
>  		struct bio *bio;
>  
> -		bio = bio_alloc(bdev, nr_vecs, REQ_OP_WRITE, gfp_mask);
> -		bio->bi_iter.bi_sector = sector;
> -
>  		if ((flags & BLKDEV_ZERO_KILLABLE) &&
>  		    fatal_signal_pending(current))
>  			break;
>  
> +		bio = bio_alloc(bdev, nr_vecs, REQ_OP_WRITE, gfp_mask);
> +		bio->bi_iter.bi_sector = sector;
> +
>  		do {
>  			unsigned int len;
>  
> --

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ