[lvc-project] [PATCH 6.12] block: fix memory leak in in bio_map_user_iov()
Dmitry Antipov
dmantipov at yandex.ru
Fri May 8 11:30:05 MSK 2026
On Thu, 2026-05-07 at 21:52 +0300, Fedor Pchelkin wrote:
> In some form the issue is present in current upstream as well. For
> example, there is another callsite of iov_iter_extract_pages() in
> block/bio-integrity.c where the same pattern still persists.
Good point, and skb_splice_from_iter() looks suspicious as well:
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 7dad68e3b518..bf053372acb2 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -7343,12 +7343,16 @@ ssize_t skb_splice_from_iter(struct sk_buff *skb, struct iov_iter *iter,
len = iov_iter_extract_pages(iter, &ppages, maxsize, nr, 0, &off);
if (len <= 0) {
+ /* Possible memory leak - ppages should be vfree()'d
+ if reallocated (ppages != pages)? */
ret = len ?: -EIO;
break;
}
i = 0;
do {
+ /* This looks wrong if reallocated - ppages[i++]
+ should be used instead? */
struct page *page = pages[i++];
size_t part = min_t(size_t, PAGE_SIZE - off, len);
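Review bot: Both concerns, in the `len <= 0` branch and at `struct page *page = pages[i++];`, hinge on whether `ppages` can differ from `pages` once iov_iter_extract_pages() returns, and the context lines do not show how `ppages` is initialised before the call, so that needs to be established first. If the array can be replaced, the comments should become an actual fix: index `ppages[i++]` in the loop and free the array when `ppages != pages` on every exit path, not only in the error branch, using the free routine that matches the allocator in iov_iter_extract_pages() (the comment names vfree(), which should be confirmed). If the array cannot be replaced here, the comments should be dropped instead of merged as open questions. As a style point, the two multi-line comments do not follow the kernel block-comment layout with a leading ` * ` on continuation lines.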
This issue likely crosses the boundaries of the block subsystem, so netdev
people are encouraged to look as well.
Dmitry