[Stable-8.2.3 81/87] block/virtio-blk: Fix memory leak from virtio_blk_z
From: Michael Tokarev
Subject: [Stable-8.2.3 81/87] block/virtio-blk: Fix memory leak from virtio_blk_zone_report
Date: Wed, 10 Apr 2024 10:22:54 +0300

From: Zheyu Ma <zheyuma97@gmail.com>

This modification ensures that in scenarios where the buffer size is
insufficient for a zone report, the function will now properly set an
error status and proceed to a cleanup label, instead of merely
returning.

The following ASAN log reveals it:

==1767400==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 312 byte(s) in 1 object(s) allocated from:
#0 0x64ac7b3280cd in malloc
llvm/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
#1 0x735b02fb9738 in g_malloc
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5e738)
#2 0x64ac7d23be96 in virtqueue_split_pop hw/virtio/virtio.c:1612:12
#3 0x64ac7d23728a in virtqueue_pop hw/virtio/virtio.c:1783:16
#4 0x64ac7cfcaacd in virtio_blk_get_request hw/block/virtio-blk.c:228:27
#5 0x64ac7cfca7c7 in virtio_blk_handle_vq hw/block/virtio-blk.c:1123:23
#6 0x64ac7cfecb95 in virtio_blk_handle_output hw/block/virtio-blk.c:1157:5
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Message-id: 20240404120040.1951466-1-zheyuma97@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit bbdf9023665f409113cb07b463732861af63fb47)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 31aac14581..59fb3e9a8e 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -783,7 +783,8 @@ static void virtio_blk_handle_zone_report(VirtIOBlockReq
*req,
sizeof(struct virtio_blk_zone_report) +
sizeof(struct virtio_blk_zone_descriptor)) {
virtio_error(vdev, "in buffer too small for zone report");
- return;
+ err_status = VIRTIO_BLK_S_ZONE_INVALID_CMD;
+ goto out;
}
/* start byte offset of the zone report */
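Review bot: At the added `goto out;` after `virtio_error(vdev, "in buffer too small for zone report")`, the hunk shows neither the `out:` label nor the declaration of `err_status`, so please confirm in the full function that `err_status` is in scope before this size check and that the `out` path releases the request; the ASAN trace attributes the 312-byte leak to the element allocated in `virtqueue_split_pop` via `virtio_blk_get_request`. It is also worth checking that completing the request with `VIRTIO_BLK_S_ZONE_INVALID_CMD` is the intended behaviour once `virtio_error()` has already been called on `vdev`. A one-line comment at the label stating that every early exit must go through it would help keep another bare `return` from being added here.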
--
2.39.2