2010-07-14 17:54:24

by Kulikov Vasiliy

Subject: [PATCH] scsi: dpt_i2o: fix memory leak

Free allocated memory if adpt_ioctl_to_context() failed.

Signed-off-by: Kulikov Vasiliy <[email protected]>
---
drivers/scsi/dpt_i2o.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/drivers/scsi/dpt_i2o.c b/drivers/scsi/dpt_i2o.c
index f2d4df1..dd9a43b 100644
--- a/drivers/scsi/dpt_i2o.c
+++ b/drivers/scsi/dpt_i2o.c
@@ -1839,8 +1839,10 @@ static int adpt_i2o_passthru(adpt_hba* pHba, u32 __user *arg)
sg_offset = (msg[0]>>4)&0xf;
msg[2] = 0x40000000; // IOCTL context
msg[3] = adpt_ioctl_to_context(pHba, reply);
- if (msg[3] == (u32)-1)
+ if (msg[3] == (u32)-1) {
+ kfree(reply);
return -EBUSY;
+ }

memset(sg_list,0, sizeof(sg_list[0])*pHba->sg_tablesize);
if(sg_offset) {
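
Review bot: the added kfree(reply) in the `msg[3] == (u32)-1` branch risks a double free, because reply has just been handed to adpt_ioctl_to_context(pHba, reply) and nothing in the hunk shows that the caller still owns it when that call fails. As the follow-up in this thread states, adpt_ioctl_to_context() already frees reply on error, so the branch should stay as the original `return -EBUSY;` with no kfree. If the aim is to make the cleanup easier to audit, a comment at this call site noting that the callee releases reply on failure would document the ownership without changing behaviour.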
--
1.7.0.4


2010-07-14 19:00:19

by Dan Carpenter

Subject: Re: [PATCH] scsi: dpt_i2o: fix memory leak

On Wed, Jul 14, 2010 at 09:53:27PM +0400, Kulikov Vasiliy wrote:
> Free allocated memory if adpt_ioctl_to_context() failed.
>
> Signed-off-by: Kulikov Vasiliy <[email protected]>
> ---
> drivers/scsi/dpt_i2o.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/scsi/dpt_i2o.c b/drivers/scsi/dpt_i2o.c
> index f2d4df1..dd9a43b 100644
> --- a/drivers/scsi/dpt_i2o.c
> +++ b/drivers/scsi/dpt_i2o.c
> @@ -1839,8 +1839,10 @@ static int adpt_i2o_passthru(adpt_hba* pHba, u32 __user *arg)
> sg_offset = (msg[0]>>4)&0xf;
> msg[2] = 0x40000000; // IOCTL context
> msg[3] = adpt_ioctl_to_context(pHba, reply);

This patch is wrong I'm afraid. adpt_ioctl_to_context() frees "reply" if
there is an error.

regards,
dan carpenter

> - if (msg[3] == (u32)-1)
> + if (msg[3] == (u32)-1) {
> + kfree(reply);
> return -EBUSY;
> + }
>
> memset(sg_list,0, sizeof(sg_list[0])*pHba->sg_tablesize);
> if(sg_offset) {
> --

2010-07-14 19:06:43

by Kulikov Vasiliy

Subject: Re: [PATCH] scsi: dpt_i2o: fix memory leak

On Wed, Jul 14, 2010 at 20:58 +0200, Dan Carpenter wrote:
> On Wed, Jul 14, 2010 at 09:53:27PM +0400, Kulikov Vasiliy wrote:
> > Free allocated memory if adpt_ioctl_to_context() failed.
> >
> > Signed-off-by: Kulikov Vasiliy <[email protected]>
> > ---
> > drivers/scsi/dpt_i2o.c | 4 +++-
> > 1 files changed, 3 insertions(+), 1 deletions(-)
> >
> > diff --git a/drivers/scsi/dpt_i2o.c b/drivers/scsi/dpt_i2o.c
> > index f2d4df1..dd9a43b 100644
> > --- a/drivers/scsi/dpt_i2o.c
> > +++ b/drivers/scsi/dpt_i2o.c
> > @@ -1839,8 +1839,10 @@ static int adpt_i2o_passthru(adpt_hba* pHba, u32 __user *arg)
> > sg_offset = (msg[0]>>4)&0xf;
> > msg[2] = 0x40000000; // IOCTL context
> > msg[3] = adpt_ioctl_to_context(pHba, reply);
>
> This patch is wrong I'm afraid. adpt_ioctl_to_context() frees "reply" if
> there is an error.
Hmm right, but it is very strange coding style - function frees resources
that it did not allocate on error and does not free them on success.

Please, ignore this patch. Sorry for the noise.