Closed
Description
Summary
In bd_loop_setup_from_fd (src/plugins/loop.c), when the LOOP_SET_BLOCK_SIZE
ioctl fails, the error path closes the file descriptor and returns FALSE but never
calls ioctl(loop_fd, LOOP_CLR_FD) to detach the backing file from the loop device.
Affected Version
libblockdev 3.4.0
Vulnerable Code
src/plugins/loop.c ~line 387:
    if (status != 0) {
        g_set_error (...)
        g_free (loop_device);
        close (loop_fd); /* missing LOOP_CLR_FD before this */
        return FALSE;
    }
Impact
The loop device remains associated in kernel state after the failed call.
Repeated calls with an invalid sector_size value will orphan loop devices,
eventually exhausting the available pool (/dev/loop0 through /dev/loop255).
Suggested Fix
Add cleanup before closing the fd in the failure branch:
    if (status != 0) {
        g_set_error (...)
        ioctl (loop_fd, LOOP_CLR_FD); /* add this line */
        g_free (loop_device);
        close (loop_fd);
        return FALSE;
    }
Reference
LOOP_CLR_FD is correctly used in bd_loop_teardown (line 441) but absent
from the setup error path.
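A fault-injection check for the error path described above, as an added example that is not libblockdev's code or part of the original report. The function `attach_with_block_size`, the `ioctl_fn` hook and the `fake_ioctl` stand-in are hypothetical names; only the `LOOP_*` request codes come from `<linux/loop.h>`.

```c
#include <errno.h>
#include <linux/loop.h>   /* LOOP_SET_FD, LOOP_SET_BLOCK_SIZE, LOOP_CLR_FD */
#include <stdio.h>

/* Injectable ioctl: lets the failure branch run without root or a real device. */
typedef int (*ioctl_fn)(int fd, unsigned long req, unsigned long arg);

/* Hypothetical, simplified attach routine (not the project's function).
 * Returns 0 on success, -1 on failure; on failure the device is left
 * detached. The caller owns and closes both descriptors. */
int attach_with_block_size(int loop_fd, int backing_fd,
                           unsigned long sector_size, ioctl_fn do_ioctl)
{
    if (do_ioctl(loop_fd, LOOP_SET_FD, (unsigned long)backing_fd) != 0)
        return -1;                          /* nothing attached, nothing to undo */

    if (sector_size != 0 &&
        do_ioctl(loop_fd, LOOP_SET_BLOCK_SIZE, sector_size) != 0) {
        int saved = errno;                  /* keep the original failure reason */
        do_ioctl(loop_fd, LOOP_CLR_FD, 0);  /* detach before reporting failure */
        errno = saved;
        return -1;
    }
    return 0;
}

/* Constructed stand-in for the kernel: tracks attachment state and rejects
 * sector sizes that are not a power of two in 512..4096 (an assumption). */
static int fake_attached;
int fake_ioctl(int fd, unsigned long req, unsigned long arg)
{
    (void)fd;
    switch (req) {
    case LOOP_SET_FD: fake_attached = 1; return 0;
    case LOOP_CLR_FD: fake_attached = 0; return 0;
    case LOOP_SET_BLOCK_SIZE:
        if (arg < 512 || arg > 4096 || (arg & (arg - 1))) { errno = EINVAL; return -1; }
        return 0;
    default:
        errno = ENOTTY; return -1;
    }
}

int main(void)
{
    /* 3 and 4 are placeholder descriptors; fake_ioctl never touches them. */
    int rc = attach_with_block_size(3, 4, 1000, fake_ioctl);
    printf("rc=%d still_attached=%d\n", rc, fake_attached);
    return (rc == -1 && fake_attached == 0) ? 0 : 1;
}
```

Removing the `LOOP_CLR_FD` call from the failure branch makes the check fail with the device still marked attached, which is the leak the report describes.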