From: Krishna Gudipati <kgudipat@Brocade.com> To: "'Dan Carpenter'" <dan.carpenter@oracle.com>, Jing Huang <huangj@Brocade.com> Cc: "'James E.J. Bottomley'" <JBottomley@parallels.com>, "'linux-scsi@vger.kernel.org'" <linux-scsi@vger.kernel.org>, "'linux-kernel@vger.kernel.org'" <linux-kernel@vger.kernel.org>, "'kernel-janitors@vger.kernel.org'" <kernel-janitors@vger.kernel.org> Subject: RE: [patch -resend] [SCSI] bfa: dereferencing freed memory in bfad_im_probe() Date: Wed, 27 Jun 2012 10:45:31 -0700 [thread overview] Message-ID: <B5EE62D80D50B84BB9E5174F7FCCE80A28396BCE91@HQ1-EXCH02.corp.brocade.com> (raw) In-Reply-To: <20120627085958.GB31212@elgon.mountain> -----Original Message----- From: Dan Carpenter [mailto:dan.carpenter@oracle.com] Sent: Wednesday, June 27, 2012 2:00 AM To: Jing Huang Cc: Krishna Gudipati; James E.J. Bottomley; linux-scsi@vger.kernel.org; linux-kernel@vger.kernel.org; kernel-janitors@vger.kernel.org Subject: [patch -resend] [SCSI] bfa: dereferencing freed memory in bfad_im_probe() If bfad_thread_workq(bfad) was not BFA_STATUS_OK then we freed "im" and then dereferenced it. I did a little clean up because it seemed nicer to return directly instead of doing a superfluous goto. I looked at other functions in this file and it seems like returning directly is standard. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- This is the third time I have sent this patch. It was previously sent on Fri, 29 Jul 2011 and Wed, 29 Feb 2012. diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c index 1ac09af..2eebf8d 100644 --- a/drivers/scsi/bfa/bfad_im.c +++ b/drivers/scsi/bfa/bfad_im.c @@ -687,25 +687,21 @@ bfa_status_t bfad_im_probe(struct bfad_s *bfad) { struct bfad_im_s *im; - bfa_status_t rc = BFA_STATUS_OK; im = kzalloc(sizeof(struct bfad_im_s), GFP_KERNEL); - if (im == NULL) { - rc = BFA_STATUS_ENOMEM; - goto ext; - } + if (im == NULL) + return BFA_STATUS_ENOMEM; bfad->im = im; im->bfad = bfad; if (bfad_thread_workq(bfad) != BFA_STATUS_OK) { kfree(im); - rc = BFA_STATUS_FAILED; + return BFA_STATUS_FAILED; } INIT_WORK(&im->aen_im_notify_work, bfad_aen_im_notify_handler); -ext: - return rc; + return BFA_STATUS_OK; } void ----- Thanks for the patch. Acked-by: Krishna Gudipati <kgudipat@brocade.com>
WARNING: multiple messages have this Message-ID (diff)
From: Krishna Gudipati <kgudipat@Brocade.com> To: 'Dan Carpenter' <dan.carpenter@oracle.com>, Jing Huang <huangj@Brocade.COM> Cc: "'James E.J. Bottomley'" <JBottomley@parallels.com>, "'linux-scsi@vger.kernel.org'" <linux-scsi@vger.kernel.org>, "'linux-kernel@vger.kernel.org'" <linux-kernel@vger.kernel.org>, "'kernel-janitors@vger.kernel.org'" <kernel-janitors@vger.kernel.org> Subject: RE: [patch -resend] [SCSI] bfa: dereferencing freed memory in bfad_im_probe() Date: Wed, 27 Jun 2012 17:45:31 +0000 [thread overview] Message-ID: <B5EE62D80D50B84BB9E5174F7FCCE80A28396BCE91@HQ1-EXCH02.corp.brocade.com> (raw) In-Reply-To: <20120627085958.GB31212@elgon.mountain> -----Original Message----- From: Dan Carpenter [mailto:dan.carpenter@oracle.com] Sent: Wednesday, June 27, 2012 2:00 AM To: Jing Huang Cc: Krishna Gudipati; James E.J. Bottomley; linux-scsi@vger.kernel.org; linux-kernel@vger.kernel.org; kernel-janitors@vger.kernel.org Subject: [patch -resend] [SCSI] bfa: dereferencing freed memory in bfad_im_probe() If bfad_thread_workq(bfad) was not BFA_STATUS_OK then we freed "im" and then dereferenced it. I did a little clean up because it seemed nicer to return directly instead of doing a superfluous goto. I looked at other functions in this file and it seems like returning directly is standard. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- This is the third time I have sent this patch. It was previously sent on Fri, 29 Jul 2011 and Wed, 29 Feb 2012. diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c index 1ac09af..2eebf8d 100644 --- a/drivers/scsi/bfa/bfad_im.c +++ b/drivers/scsi/bfa/bfad_im.c @@ -687,25 +687,21 @@ bfa_status_t bfad_im_probe(struct bfad_s *bfad) { struct bfad_im_s *im; - bfa_status_t rc = BFA_STATUS_OK; im = kzalloc(sizeof(struct bfad_im_s), GFP_KERNEL); - if (im = NULL) { - rc = BFA_STATUS_ENOMEM; - goto ext; - } + if (im = NULL) + return BFA_STATUS_ENOMEM; bfad->im = im; im->bfad = bfad; if (bfad_thread_workq(bfad) != BFA_STATUS_OK) { kfree(im); - rc = BFA_STATUS_FAILED; + return BFA_STATUS_FAILED; } INIT_WORK(&im->aen_im_notify_work, bfad_aen_im_notify_handler); -ext: - return rc; + return BFA_STATUS_OK; } void ----- Thanks for the patch. Acked-by: Krishna Gudipati <kgudipat@brocade.com>
next prev parent reply other threads:[~2012-06-27 18:03 UTC|newest] Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top [not found] <CAA9_cmeNagC1sF54BAHa1sTzL3sMD3eKoftHQHCM5q9vKq5Dyg@mail.gmail.com> 2012-06-27 8:58 ` [Ksummit-2012-discuss] [ATTEND] Your upstream maintainer just isn't that into you Dan Carpenter 2012-06-27 8:59 ` [patch -resend] [SCSI] bfa: off by one in bfa_ioc_mbox_isr() Dan Carpenter 2012-06-27 8:59 ` Dan Carpenter 2012-06-27 17:44 ` Krishna Gudipati 2012-06-27 17:44 ` Krishna Gudipati 2012-06-27 8:59 ` [patch -resend] [SCSI] bfa: dereferencing freed memory in bfad_im_probe() Dan Carpenter 2012-06-27 8:59 ` Dan Carpenter 2012-06-27 17:45 ` Krishna Gudipati [this message] 2012-06-27 17:45 ` Krishna Gudipati 2012-06-27 9:00 ` [patch -resend] [SCSI] megaraid: remove a spurious IRQ enable Dan Carpenter 2012-06-27 9:00 ` Dan Carpenter 2012-06-27 22:36 ` adam radford 2012-06-27 22:36 ` adam radford 2012-06-27 9:00 ` [patch 1/2 -resend] SCSI: advansys: handle errors from scsi_dma_map() Dan Carpenter 2012-06-27 9:00 ` Dan Carpenter 2012-06-27 10:01 ` walter harms 2012-06-27 10:01 ` walter harms 2012-06-27 10:15 ` Dan Carpenter 2012-06-27 10:15 ` Dan Carpenter 2012-06-27 9:01 ` [patch 2/2 -resend] SCSI: advansys: use a subsystem error code Dan Carpenter 2012-06-27 9:01 ` Dan Carpenter 2012-06-27 9:01 ` [patch -resend] 9p: fix min_t() casting in p9pdu_vwritef() Dan Carpenter 2012-06-27 9:01 ` Dan Carpenter 2012-06-27 10:19 ` walter harms 2012-06-27 10:19 ` walter harms 2012-06-27 10:36 ` Dan Carpenter 2012-06-27 10:36 ` Dan Carpenter 2012-06-27 10:56 ` walter harms 2012-06-27 22:26 ` David Miller 2012-06-27 22:26 ` David Miller 2012-06-27 9:02 ` [patch -resend] spi/spidev: handle integer wrap in spidev_message() Dan Carpenter 2012-06-27 9:02 ` Dan Carpenter 2012-06-27 9:02 ` [patch -resend] mmc: ushc: fix an endianness conversion in ushc_request() Dan Carpenter 2012-06-27 9:02 ` Dan Carpenter 2012-06-27 9:03 ` [patch -resend] sgi-xp: nested calls to spin_lock_irqsave() Dan Carpenter 2012-06-27 9:03 ` Dan Carpenter 2012-06-27 9:04 ` [patch 1/3 -resend] [SCSI] pmcraid: remove unneeded check Dan Carpenter 2012-06-27 9:04 ` Dan Carpenter 2012-06-27 9:04 ` [patch 2/3 -resend] [SCSI] pmcraid: cpu_to_le32() => cpu_to_le64() Dan Carpenter 2012-06-27 9:04 ` Dan Carpenter 2012-06-27 9:04 ` [patch 3/3 -resend] [SCSI] pmcraid: find_first_zero_bit() takes bits not bytes Dan Carpenter 2012-06-27 9:04 ` Dan Carpenter 2012-06-27 9:05 ` [patch -resend] [SCSI] isci: add a couple __iomem annotations Dan Carpenter 2012-06-27 9:05 ` Dan Carpenter 2012-06-27 20:58 ` Dan Williams 2012-06-27 20:58 ` Dan Williams 2012-06-27 9:05 ` [SCSI] bfa: Implement LUN Masking feature using the SCSI Slave Callouts Dan Carpenter 2012-06-27 9:06 ` [patch -resend] NVMe: handle allocation failure in nvme_map_user_pages() Dan Carpenter 2012-06-27 9:06 ` Dan Carpenter 2012-06-27 9:06 ` [patch -resend] [media] az6007: precedence bug in az6007_i2c_xfer() Dan Carpenter 2012-06-27 9:06 ` Dan Carpenter 2012-06-27 13:11 ` Mauro Carvalho Chehab 2012-06-27 13:11 ` Mauro Carvalho Chehab 2012-06-28 19:33 ` Dan Carpenter 2012-06-28 19:33 ` Dan Carpenter 2012-06-27 9:07 ` [patch v3 -resend] edac i5000, i5400: fix pointer math in i5000_get_mc_regs() Dan Carpenter 2012-06-27 9:07 ` Dan Carpenter 2012-06-27 12:15 ` Mauro Carvalho Chehab 2012-06-27 12:15 ` Mauro Carvalho Chehab 2012-06-27 9:08 ` [patch -resend] [SCSI] megaraid: cleanup type issue in mega_build_cmd() Dan Carpenter 2012-06-27 9:08 ` Dan Carpenter 2012-06-27 22:36 ` adam radford 2012-06-27 22:36 ` adam radford 2012-06-27 9:08 ` [patch 1/2 -resend] dma-debug: debugfs_create_bool() takes a u32 pointer Dan Carpenter 2012-06-27 9:08 ` Dan Carpenter 2012-06-27 11:09 ` Neil Horman 2012-06-27 11:09 ` Neil Horman 2012-07-02 10:15 ` Joerg Roedel 2012-07-02 10:15 ` Joerg Roedel 2012-06-27 9:09 ` [patch 2/2 -resend] iommu/amd: fix type bug in flush code Dan Carpenter 2012-06-27 9:09 ` Dan Carpenter 2012-06-27 9:09 ` Dan Carpenter 2012-06-27 9:10 ` [patch -resend] isci: make function declaration match implementation Dan Carpenter 2012-06-27 9:10 ` Dan Carpenter 2012-06-27 9:10 ` [patch -resend] drm/i915/bios: cleanup return type of intel_parse_bios() Dan Carpenter 2012-06-27 9:10 ` Dan Carpenter 2012-06-27 9:10 ` [patch -resend] leds-lp5523: BUG() in error handling in probe() Dan Carpenter 2012-06-27 9:10 ` Dan Carpenter 2012-06-27 10:49 ` Bryan Wu 2012-06-27 10:49 ` Bryan Wu 2012-06-27 10:55 ` Dan Carpenter 2012-06-27 10:55 ` Dan Carpenter 2012-06-28 19:39 ` Matt Renzelmann 2012-06-28 19:39 ` Matt Renzelmann 2012-06-27 9:11 ` [patch -resend] Input: ff-memless - fix a couple min_t() casts Dan Carpenter 2012-06-27 9:11 ` Dan Carpenter 2012-07-08 1:18 ` Dmitry Torokhov 2012-07-08 1:18 ` Dmitry Torokhov 2012-06-27 9:11 ` [patch -resend] [patch] tlb_uv: remove some dead code in parse_tunables_write() Dan Carpenter 2012-06-27 9:11 ` Dan Carpenter
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=B5EE62D80D50B84BB9E5174F7FCCE80A28396BCE91@HQ1-EXCH02.corp.brocade.com \ --to=kgudipat@brocade.com \ --cc=JBottomley@parallels.com \ --cc=dan.carpenter@oracle.com \ --cc=huangj@Brocade.com \ --cc=kernel-janitors@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-scsi@vger.kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.