* [patch 3/6] drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb()
@ 2012-01-10 23:42 akpm
2012-01-11 14:03 ` Mark Salyzyn
0 siblings, 1 reply; 3+ messages in thread
From: akpm @ 2012-01-10 23:42 UTC (permalink / raw)
To: James.Bottomley; +Cc: linux-scsi, akpm, jj
From: Jesper Juhl <jj@chaosbits.net>
Subject: drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb()
We leak in drivers/scsi/aacraid/commctrl.c::aac_send_raw_srb() :
We allocate memory:
...
struct user_sgmap* usg;
usg = kmalloc(actual_fibsize - sizeof(struct aac_srb)
+ sizeof(struct sgmap), GFP_KERNEL);
and then neglect to free it:
...
for (i = 0; i < usg->count; i++) {
u64 addr;
void* p;
if (usg->sg[i].count >
((dev->adapter_info.options &
AAC_OPT_NEW_COMM) ?
(dev->scsi_host_ptr->max_sectors << 9) :
65536)) {
rcode = -EINVAL;
goto cleanup;
... this 'goto' makes 'usg' go out of scope and leak the memory we
allocated.
Other exits properly kfree(usg), it's just here it is neglected.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
drivers/scsi/aacraid/commctrl.c | 1 +
1 file changed, 1 insertion(+)
diff -puN drivers/scsi/aacraid/commctrl.c~drivers-scsi-aacraid-commctrlc-fix-mem-leak-in-aac_send_raw_srb drivers/scsi/aacraid/commctrl.c
--- a/drivers/scsi/aacraid/commctrl.c~drivers-scsi-aacraid-commctrlc-fix-mem-leak-in-aac_send_raw_srb
+++ a/drivers/scsi/aacraid/commctrl.c
@@ -650,6 +650,7 @@ static int aac_send_raw_srb(struct aac_d
AAC_OPT_NEW_COMM) ?
(dev->scsi_host_ptr->max_sectors << 9) :
65536)) {
+ kfree(usg);
rcode = -EINVAL;
goto cleanup;
}
_
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [patch 3/6] drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb()
2012-01-10 23:42 [patch 3/6] drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb() akpm
@ 2012-01-11 14:03 ` Mark Salyzyn
0 siblings, 0 replies; 3+ messages in thread
From: Mark Salyzyn @ 2012-01-11 14:03 UTC (permalink / raw)
To: linux-scsi; +Cc: James.Bottomley, jj, akpm, aacraid
Ack!!!
3/21/11 Jesper Jul
9/20/11 akpm
1/10/12 akpm
Sincerely -- Mark Salyzyn
On Jan 10, 2012, at 6:42 PM, akpm@linux-foundation.org wrote:
> From: Jesper Juhl <jj@chaosbits.net>
> Subject: drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb()
>
> We leak in drivers/scsi/aacraid/commctrl.c::aac_send_raw_srb() :
>
> We allocate memory:
> ...
> struct user_sgmap* usg;
> usg = kmalloc(actual_fibsize - sizeof(struct aac_srb)
> + sizeof(struct sgmap), GFP_KERNEL);
> and then neglect to free it:
> ...
> for (i = 0; i < usg->count; i++) {
> u64 addr;
> void* p;
> if (usg->sg[i].count >
> ((dev->adapter_info.options &
> AAC_OPT_NEW_COMM) ?
> (dev->scsi_host_ptr->max_sectors << 9) :
> 65536)) {
> rcode = -EINVAL;
> goto cleanup;
> ... this 'goto' makes 'usg' go out of scope and leak the memory we
> allocated.
> Other exits properly kfree(usg), it's just here it is neglected.
>
> Signed-off-by: Jesper Juhl <jj@chaosbits.net>
> Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> ---
>
> drivers/scsi/aacraid/commctrl.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff -puN drivers/scsi/aacraid/commctrl.c~drivers-scsi-aacraid-commctrlc-fix-mem-leak-in-aac_send_raw_srb drivers/scsi/aacraid/commctrl.c
> --- a/drivers/scsi/aacraid/commctrl.c~drivers-scsi-aacraid-commctrlc-fix-mem-leak-in-aac_send_raw_srb
> +++ a/drivers/scsi/aacraid/commctrl.c
> @@ -650,6 +650,7 @@ static int aac_send_raw_srb(struct aac_d
> AAC_OPT_NEW_COMM) ?
> (dev->scsi_host_ptr->max_sectors << 9) :
> 65536)) {
> + kfree(usg);
> rcode = -EINVAL;
> goto cleanup;
> }
^ permalink raw reply [flat|nested] 3+ messages in thread
* [patch 3/6] drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb()
@ 2011-11-15 22:58 akpm
0 siblings, 0 replies; 3+ messages in thread
From: akpm @ 2011-11-15 22:58 UTC (permalink / raw)
To: James.Bottomley; +Cc: linux-scsi, akpm, jj
From: Jesper Juhl <jj@chaosbits.net>
Subject: drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb()
We leak in drivers/scsi/aacraid/commctrl.c::aac_send_raw_srb() :
We allocate memory:
...
struct user_sgmap* usg;
usg = kmalloc(actual_fibsize - sizeof(struct aac_srb)
+ sizeof(struct sgmap), GFP_KERNEL);
and then neglect to free it:
...
for (i = 0; i < usg->count; i++) {
u64 addr;
void* p;
if (usg->sg[i].count >
((dev->adapter_info.options &
AAC_OPT_NEW_COMM) ?
(dev->scsi_host_ptr->max_sectors << 9) :
65536)) {
rcode = -EINVAL;
goto cleanup;
... this 'goto' makes 'usg' go out of scope and leak the memory we
allocated.
Other exits properly kfree(usg), it's just here it is neglected.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
drivers/scsi/aacraid/commctrl.c | 1 +
1 file changed, 1 insertion(+)
diff -puN drivers/scsi/aacraid/commctrl.c~drivers-scsi-aacraid-commctrlc-fix-mem-leak-in-aac_send_raw_srb drivers/scsi/aacraid/commctrl.c
--- a/drivers/scsi/aacraid/commctrl.c~drivers-scsi-aacraid-commctrlc-fix-mem-leak-in-aac_send_raw_srb
+++ a/drivers/scsi/aacraid/commctrl.c
@@ -650,6 +650,7 @@ static int aac_send_raw_srb(struct aac_d
AAC_OPT_NEW_COMM) ?
(dev->scsi_host_ptr->max_sectors << 9) :
65536)) {
+ kfree(usg);
rcode = -EINVAL;
goto cleanup;
}
_
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-01-11 14:18 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-01-10 23:42 [patch 3/6] drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb() akpm
2012-01-11 14:03 ` Mark Salyzyn
-- strict thread matches above, loose matches on Subject: below --
2011-11-15 22:58 akpm
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.