Details
-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
None
-
3
-
9223372036854775807
Description
It looks like tgt_checksum_niobuf_t10pi() can leak memory if we ever set rc to nonzero, some of the conditions appear to set it without any visible warnings:
req = cfs_crypto_hash_init(cfs_alg, NULL, 0); if (IS_ERR(req)) { CERROR("%s: unable to initialize checksum hash %s\n", tgt_name(tgt), cfs_crypto_hash_name(cfs_alg)); return PTR_ERR(req); } ... if (use_t10_grd) { used = DIV_ROUND_UP(local_nb[i].lnb_len, sector_size); if (used > (guard_number - used_number)) { rc = -E2BIG; break; } ... if (rc) GOTO(out, rc); ... rc = cfs_crypto_hash_final(req, (unsigned char *)&cksum, &bufsize); if (rc == 0) *check_sum = cksum; out: __free_page(__page); return rc; }
This not only leads to leaking the req, but also the allocated page might be tied in the crypto hash calcs I imagine (passed in as sg buffer with a reference to be potentially freed in the final?)
Attachments
Issue Links
- is related to
-
LU-15598 page leak on cfs_crypto_hash_init() error path in tgt_checksum_niobuf_t10pi
- Resolved