Skip to content

lib: free pagelist on error in iov_iter_extract_pages()#811

Open
blktests-ci[bot] wants to merge 1 commit into
linus-master_basefrom
series/1091577=>linus-master
Open

lib: free pagelist on error in iov_iter_extract_pages()#811
blktests-ci[bot] wants to merge 1 commit into
linus-master_basefrom
series/1091577=>linus-master

Conversation

@blktests-ci
Copy link
Copy Markdown

@blktests-ci blktests-ci Bot commented May 8, 2026

Pull request for series with
subject: lib: free pagelist on error in iov_iter_extract_pages()
version: 1
url: https://patchwork.kernel.org/project/linux-block/list/?series=1091577

@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 8, 2026

Upstream branch: 6d35786
series: https://patchwork.kernel.org/project/linux-block/list/?series=1091577
version: 1

@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from 1f0d33a to b1870f6 Compare May 10, 2026 15:59
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 10, 2026

Upstream branch: aa54b1d
series: https://patchwork.kernel.org/project/linux-block/list/?series=1091577
version: 1

@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from e50d94a to 79d1ac7 Compare May 10, 2026 16:19
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 12, 2026

Upstream branch: aa54b1d
series: https://patchwork.kernel.org/project/linux-block/list/?series=1093683
version: 2

@blktests-ci blktests-ci Bot added V2 and removed V1 labels May 12, 2026
@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from 79d1ac7 to 6917f08 Compare May 12, 2026 17:24
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from b1870f6 to ca57796 Compare May 15, 2026 07:55
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 15, 2026

Upstream branch: 70eda68
series: https://patchwork.kernel.org/project/linux-block/list/?series=1093683
version: 2

@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from 6917f08 to 89768ce Compare May 15, 2026 08:03
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from ca57796 to c1feb59 Compare May 21, 2026 02:54
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 21, 2026

Upstream branch: 8bc67e4
series: https://patchwork.kernel.org/project/linux-block/list/?series=1093683
version: 2

@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from 89768ce to 93cb581 Compare May 21, 2026 03:25
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from c1feb59 to ea833a1 Compare May 22, 2026 01:53
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 22, 2026

Upstream branch: 6779b50
series: https://patchwork.kernel.org/project/linux-block/list/?series=1093683
version: 2

@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from 93cb581 to 2a51bbb Compare May 22, 2026 02:22
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from ea833a1 to 7af85d1 Compare May 23, 2026 06:11
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 23, 2026

Upstream branch: 79bd2dd
series: https://patchwork.kernel.org/project/linux-block/list/?series=1093683
version: 2

@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from 2a51bbb to 6d4fca7 Compare May 23, 2026 07:18
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from 7af85d1 to de94ac7 Compare May 23, 2026 17:08
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 23, 2026

Upstream branch: eed108e
series: https://patchwork.kernel.org/project/linux-block/list/?series=1093683
version: 2

@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from 6d4fca7 to b054898 Compare May 23, 2026 17:48
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from de94ac7 to 86d8d37 Compare May 26, 2026 15:38
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 26, 2026

Upstream branch: e8c2f9f
series: https://patchwork.kernel.org/project/linux-block/list/?series=1093683
version: 2

@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from b054898 to a9d90e2 Compare May 26, 2026 16:20
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from 86d8d37 to 9805659 Compare May 28, 2026 13:24
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 28, 2026

Upstream branch: eb3f4b7
series: https://patchwork.kernel.org/project/linux-block/list/?series=1093683
version: 2

@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from a9d90e2 to 5780d4e Compare May 28, 2026 15:09
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from 9805659 to 3f4a345 Compare May 29, 2026 11:12
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented May 29, 2026

Upstream branch: 8fde5d1
series: https://patchwork.kernel.org/project/linux-block/list/?series=1093683
version: 2

@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from 5780d4e to 4dcb14c Compare May 29, 2026 12:00
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from 3f4a345 to c6dc343 Compare June 1, 2026 08:58
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented Jun 1, 2026

Upstream branch: e43ffb6
series: https://patchwork.kernel.org/project/linux-block/list/?series=1093683
version: 2

@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from 4dcb14c to 55df0a9 Compare June 1, 2026 09:50
@blktests-ci blktests-ci Bot force-pushed the linus-master_base branch from c6dc343 to fc36596 Compare June 3, 2026 13:56
@blktests-ci
Copy link
Copy Markdown
Author

blktests-ci Bot commented Jun 3, 2026

Upstream branch: ba3e43a
series: https://patchwork.kernel.org/project/linux-block/list/?series=1093683
version: 2

@dmantipov
lib: free pagelist on error in iov_iter_extract_pages()
d190837 
Users of 'iov_iter_extract_pages()' may provide small, likely
stack-allocated, array of pages by itself and then reject to
use it if it's considered too small. In such a case, passing
NULL pointer means that 'iov_iter_extract_pages()' should
allocate array of pages internally (via 'want_pages_array()').
An overall scenario may be:

...
struct page *stack_pages[SMALL];
struct page **pages = stack_pages;
...
if (not_enough_pages(SMALL))
        pages = NULL;
...
if (iov_iter_extract_pages(..., &pages, ...) <= 0) {
        /* Even in case of error, new array of pages may be allocated */
        if (pages != stack_pages)
                kvfree(pages);                                  [1]
        /* The rest of error handling and return */
}
/* Regular flow */
...
if (pages != stack_pages)
        kvfree(pages);
...

That is, if you're unlucky so SMALL amount of pages wasn't enough and
new array of pages was allocated, missing [1] causes the memory leak.

Currently 'bio_integrity_map_user()' seems the only place where such
a leak looks possible. Older kernels may have more. In particular,
6.12.x has this type of leak in 'bio_map_user_iov()', and it was
found with syzkaller and reproduced experimentally.

So adjust 'iov_iter_extract_pages()' to make cleanup [1] itself rather
than rely on caller's handling on error paths.

Fixes: 7d58fe7 ("iov_iter: Add a function to extract a page list from an iterator")
Cc: stable@vger.kernel.org
Suggested-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
@blktests-ci blktests-ci Bot force-pushed the series/1091577=>linus-master branch from 55df0a9 to d190837 Compare June 3, 2026 15:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

linus-master new V2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dmantipov