mirror of
https://github.com/opnsense/src.git
synced 2026-02-20 00:11:07 -05:00
510404f2f4
When running nvme passthrough commands through the ioctl interface
memory is mapped with vmapbuf() but not unmapped. This results in leaked
memory whenever a process executes an nvme passthrough command with a
data buffer. This can be replicated with a simple c function (error
checks skipped for brevity):
void leak_memory(int nvme_ns_fd, uint16_t nblocks) {
struct nvme_pt_command pt = {
.cmd = {
.opc = NVME_OPC_READ,
.cdw12 = nblocks - 1,
},
.len = nblocks * 512, // Assumes devices with 512 byte lba
.is_read = 1, // Reads and writes should both trigger leak
}
void *buf;
posix_memalign(&buf, nblocks * 512);
pt.buf = buf;
ioctl(nvme_ns_fd, NVME_PASSTHROUGH_COMMAND, &pt);
free(buf);
}
Signed-off-by: David Sloan <david.sloan@eideticom.com>
PR: 273626
Reviewed by: imp, markj
MFC after: 1 week
(cherry picked from commit 7ea866eb14f8ec869a525442c03228b6701e1dab)
|
||
|---|---|---|
| .. | ||
| nvme.c | ||
| nvme.h | ||
| nvme_ahci.c | ||
| nvme_ctrlr.c | ||
| nvme_ctrlr_cmd.c | ||
| nvme_ns.c | ||
| nvme_ns_cmd.c | ||
| nvme_pci.c | ||
| nvme_private.h | ||
| nvme_qpair.c | ||
| nvme_sim.c | ||
| nvme_sysctl.c | ||
| nvme_test.c | ||
| nvme_util.c | ||