Commit 7c018a901c3fef2af9d713ba849e8e52eb82dde1
Committed by
James Bottomley
James Bottomley
1 parent
ad07b4a896
Exists in
smarc-l5.0.0_1.0.0-ga
and in
5 other branches
[SCSI] st: fix memory leak with >1MB tape I/O
There is a memory leak in the st driver when sending large enough reads or writes using st's direct I/O path. As part of mapping the application's memory, a buffer to hold page pointers is allocated and the count of mapped pages is stored in field do_dio. A non-zero do_dio marks that direct I/O is in use. But do_dio is only 1 byte in size. Mapping 256 4k pages overflows do_dio and causes it to be set to 0, like direct I/O option was not used. When the I/O completes, the buffer to hold the page pointers is not freed, and the page counts of the mapped pages are not reduced. Every I/O of this size then leaks memory. The size of do_dio needs to be increased to prevent it wrapping around. Signed-off-by: David Jeffery <djeffery@redhat.com> Acked-by: Kai Mäkisara <kai.makisara@kolumbus.fi> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
drivers/scsi/st.h
| ... | ... | @@ -35,8 +35,8 @@ |
| 35 | 35 | /* The tape buffer descriptor. */ |
| 36 | 36 | struct st_buffer { |
| 37 | 37 | unsigned char dma; /* DMA-able buffer */ |
| 38 | - unsigned char do_dio; /* direct i/o set up? */ | |
| 39 | 38 | unsigned char cleared; /* internal buffer cleared after open? */ |
| 39 | + unsigned short do_dio; /* direct i/o set up? */ | |
| 40 | 40 | int buffer_size; |
| 41 | 41 | int buffer_blocks; |
| 42 | 42 | int buffer_bytes; |