From: Bartlomiej Zolnierkiewicz <dake@staszic.waw.pl>
To: linux-kernel@vger.kernel.org
Cc: torvalds@transmeta.com
Subject: [PATCH]
Date: Wed, 8 Nov 2000 00:09:38 +0100 (CET) [thread overview]
Message-ID: <Pine.LNX.4.21.0011080005410.1628-200000@tricky> (raw)
[-- Attachment #1: Type: TEXT/PLAIN, Size: 131 bytes --]
I hitted few items from Dawson Engler's list of potential kmalloc/kfree
bugs...
--
Bartlomiej Zolnierkiewicz
<bkz@linux-ide.org>
[-- Attachment #2: Type: TEXT/PLAIN, Size: 5501 bytes --]
--- linux-240t10/drivers/ide/ide-probe.c Tue Oct 3 00:16:51 2000
+++ linux/drivers/ide/ide-probe.c Tue Nov 7 00:25:35 2000
@@ -652,6 +653,10 @@
hwgroup = match->hwgroup;
} else {
hwgroup = kmalloc(sizeof(ide_hwgroup_t), GFP_KERNEL);
+ if(!hwgroup) {
+ restore_flags(flags);
+ return 1;
+ }
memset(hwgroup, 0, sizeof(ide_hwgroup_t));
hwgroup->hwif = hwif->next = hwif;
hwgroup->rq = NULL;
@@ -746,11 +751,23 @@
}
minors = units * (1<<PARTN_BITS);
gd = kmalloc (sizeof(struct gendisk), GFP_KERNEL);
+ if(!gd)
+ goto cleanup_gd;
gd->sizes = kmalloc (minors * sizeof(int), GFP_KERNEL);
+ if(!gd->sizes)
+ goto cleanup_gd_sizes;
gd->part = kmalloc (minors * sizeof(struct hd_struct), GFP_KERNEL);
+ if(!gd->part)
+ goto cleanup_gd_part;
bs = kmalloc (minors*sizeof(int), GFP_KERNEL);
+ if(!bs)
+ goto cleanup_bs;
max_sect = kmalloc (minors*sizeof(int), GFP_KERNEL);
+ if(!max_sect)
+ goto cleanup_max_sect;
max_ra = kmalloc (minors*sizeof(int), GFP_KERNEL);
+ if(!max_ra)
+ goto cleanup_max_ra;
memset(gd->part, 0, minors * sizeof(struct hd_struct));
@@ -779,12 +796,16 @@
gd->real_devices= hwif; /* ptr to internal data */
gd->next = NULL; /* linked list of major devs */
gd->fops = ide_fops; /* file operations */
- gd->de_arr = kmalloc (sizeof *gd->de_arr * units, GFP_KERNEL);
- gd->flags = kmalloc (sizeof *gd->flags * units, GFP_KERNEL);
- if (gd->de_arr)
- memset (gd->de_arr, 0, sizeof *gd->de_arr * units);
- if (gd->flags)
- memset (gd->flags, 0, sizeof *gd->flags * units);
+ if(units) {
+ gd->de_arr = kmalloc (sizeof *gd->de_arr * units, GFP_KERNEL);
+ if(!gd->de_arr)
+ goto cleanup_gd_de_arr;
+ gd->flags = kmalloc (sizeof *gd->flags * units, GFP_KERNEL);
+ if(!gd->flags)
+ goto cleanup_gd_flags;
+ memset(gd->de_arr, 0, sizeof *gd->de_arr * units);
+ memset(gd->flags, 0, sizeof *gd->flags * units);
+ }
for (gdp = &gendisk_head; *gdp; gdp = &((*gdp)->next)) ;
hwif->gd = *gdp = gd; /* link onto tail of list */
@@ -802,6 +823,26 @@
devfs_mk_dir (ide_devfs_handle, name, NULL);
}
}
+ return;
+
+cleanup_gd_flags:
+ kfree(gd->flags);
+cleanup_gd_de_arr:
+ kfree(gd->de_arr);
+cleanup_max_ra:
+ kfree(max_ra);
+cleanup_max_sect:
+ kfree(max_sect);
+cleanup_bs:
+ kfree(bs);
+cleanup_gd_part:
+ kfree(gd->part);
+cleanup_gd_sizes:
+ kfree(gd->sizes);
+cleanup_gd:
+ kfree(gd);
+
+ printk(KERN_ERR "ide-probe: not enough memory for init_gendisk()\n");
}
static int hwif_init (ide_hwif_t *hwif)
--- linux-240t10/drivers/i2o/i2o_config.c Tue Oct 3 00:15:34 2000
+++ linux/drivers/i2o/i2o_config.c Mon Nov 6 22:41:41 2000
@@ -499,6 +499,8 @@
if(!res)
{
i2o_unlock_controller(c);
+ printk(KERN_INFO "i2o_config: could not get res\n");
+ if(kcmd.qlen) kfree(query);
return -ENOMEM;
}
--- linux-240t10/drivers/i2o/i2o_core.c Thu Oct 19 22:05:01 2000
+++ linux/drivers/i2o/i2o_core.c Mon Nov 6 22:49:55 2000
@@ -1664,6 +1664,7 @@
{
printk(KERN_ERR "%s: Timeout waiting for IOP reset.\n",
c->name);
+ kfree(status);
return -ETIMEDOUT;
}
schedule();
--- linux-240t10/drivers/scsi/eata_dma.c Tue Oct 3 14:27:44 2000
+++ linux/drivers/scsi/eata_dma.c Mon Nov 6 23:21:04 2000
@@ -909,8 +909,17 @@
cp = (struct eata_ccb *) kmalloc(sizeof(struct eata_ccb),
GFP_ATOMIC | GFP_DMA);
+ if(!cp) {
+ printk(KERN_ERR "eata_dma: out of DMA memory\n");
+ return NULL;
+ }
sp = (struct eata_sp *) kmalloc(sizeof(struct eata_sp),
GFP_ATOMIC | GFP_DMA);
+ if(!sp) {
+ printk(KERN_ERR "eata_dma: out of DMA memory\n");
+ kfree(cp);
+ return NULL;
+ }
buff = dma_scratch;
@@ -1459,11 +1468,15 @@
tpnt->proc_name = "eata_dma";
status = kmalloc(512, GFP_ATOMIC | GFP_DMA);
+ if(!status) {
+ printk(KERN_ERR "eata_dma: not enough DMA memory to probe for hosts!\n");
+ return 0;
+ }
dma_scratch = kmalloc(1024, GFP_ATOMIC | GFP_DMA);
-
- if(status == NULL || dma_scratch == NULL) {
- printk("eata_dma: can't allocate enough memory to probe for hosts !\n");
- return(0);
+ if(!dma_scratch) {
+ printk(KERN_ERR "eata_dma: not enough DMA memory to probe for hosts!\n");
+ kfree(status);
+ return 0;
}
dma_scratch += 4;
--- linux-240t10/drivers/scsi/hosts.c Tue Oct 31 11:20:15 2000
+++ linux/driver/scsi/hosts.c Mon Nov 6 23:40:45 2000
@@ -168,7 +168,18 @@
retval->loaded_as_module = 1;
if (flag_new) {
shn = (Scsi_Host_Name *) kmalloc(sizeof(Scsi_Host_Name), GFP_ATOMIC);
+ if(!shn) {
+ printk(KERN_ERR "scsi: out of memory in scsi_register\n");
+ kfree(retval);
+ return NULL;
+ }
shn->name = kmalloc(hname_len + 1, GFP_ATOMIC);
+ if(!shn->name) {
+ printk(KERN_ERR "scsi: out of memory in scsi_register\n");
+ kfree(shn);
+ kfree(retval);
+ return NULL;
+ }
if (hname_len > 0)
strncpy(shn->name, hname, hname_len);
shn->name[hname_len] = 0;
--- linux-240t10/drivers/scsi/ips.c Tue Oct 3 14:27:45 2000
+++ linux/drivers/scsi/ips.c Mon Nov 6 23:48:22 2000
@@ -4552,6 +4552,8 @@
/* Allocate memory for the CCBs */
ha->scbs = (ips_scb_t *) kmalloc(ha->max_cmds * sizeof(ips_scb_t), GFP_ATOMIC|GFP_DMA);
+ if(!ha->scbs)
+ return 0;
memset(ha->scbs, 0, ha->max_cmds * sizeof(ips_scb_t));
next reply other threads:[~2000-11-07 23:09 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-11-07 23:09 Bartlomiej Zolnierkiewicz [this message]
2000-11-07 23:30 ` [PATCH] Bartlomiej Zolnierkiewicz
2000-11-07 23:20 [PATCH] Bartlomiej Zolnierkiewicz
2001-10-25 17:24 [PATCH] Christoph Hellwig
2002-04-15 18:39 [PATCH] Andre Hedrick
2002-04-15 19:09 ` [PATCH] Josh McKinney
2002-04-15 19:16 ` [PATCH] Andre Hedrick
2002-04-15 19:59 ` [PATCH] Andre Hedrick
2002-04-16 3:11 ` [PATCH] Josh McKinney
2002-04-16 4:11 ` [PATCH] Andre Hedrick
2002-04-16 5:53 ` [PATCH] Jens Axboe
2002-04-16 6:51 ` [PATCH] Andre Hedrick
2002-04-16 6:54 ` [PATCH] Jens Axboe
2002-04-16 7:04 ` [PATCH] Andre Hedrick
2002-08-06 23:04 [PATCH] Paul Mackerras
2003-07-30 16:31 [patch] Adrian Bunk
2003-08-11 13:40 [PATCH] davej
2004-08-05 13:51 [PATCH] Michal Ludvig
2004-08-05 14:11 ` [PATCH] James Morris
2004-08-05 19:49 ` [PATCH] Jean-Luc Cooke
2004-08-06 2:47 ` [PATCH] James Morris
2004-08-06 2:03 ` [PATCH] Michael Halcrow
2004-08-06 4:58 ` [PATCH] Linus Torvalds
2004-08-06 13:03 ` [PATCH] Jean-Luc Cooke
2004-08-06 3:36 ` [PATCH] YOSHIFUJI Hideaki / 吉藤英明
2004-08-06 4:21 ` [PATCH] David S. Miller
2004-08-06 4:28 ` [PATCH] Jean-Luc Cooke
2004-08-06 4:42 ` [PATCH] James Morris
2004-08-06 12:54 ` [PATCH] Jean-Luc Cooke
2004-08-06 18:26 ` [PATCH] David S. Miller
2004-08-06 18:36 ` [PATCH] Jean-Luc Cooke
2004-08-06 23:24 ` [PATCH] Matt Mackall
2004-08-07 3:01 ` [PATCH] Jean-Luc Cooke
2004-08-07 22:26 ` [PATCH] Theodore Ts'o
2004-08-08 15:38 ` [PATCH] Jean-Luc Cooke
2004-08-09 18:43 ` [PATCH] Theodore Ts'o
2004-08-09 18:49 ` [PATCH] Jean-Luc Cooke
2004-08-10 0:22 ` [PATCH] Theodore Ts'o
2004-08-10 2:49 [PATCH] Roland McGrath
2004-11-18 20:17 [PATCH] Colin Leroy
2005-06-15 11:41 [PATCH] Jan Beulich
2006-03-10 14:47 [PATCH] Kumar Gala
2006-03-10 15:05 ` [PATCH] Kumar Gala
2006-03-24 23:07 [PATCH] Daniel Walker
2006-03-24 23:19 ` [PATCH] john stultz
2006-03-24 23:22 ` [PATCH] Daniel Walker
2006-07-15 18:43 [PATCH] Chris Boot
2007-02-21 21:23 [PATCH] James Simmons
2007-04-01 18:13 [PATCH 0/16] Assorted patches Jan Engelhardt
2007-04-01 18:15 ` [PATCH 07/16] kconfig-dynamic-frequency.diff Jan Engelhardt
2007-04-01 18:39 ` Kyle Moffett
2007-04-01 18:42 ` Jan Engelhardt
2007-04-01 18:52 ` Kyle Moffett
2007-04-01 19:01 ` Jan Engelhardt
2007-04-01 19:42 ` [PATCH] Kyle Moffett
2007-04-01 19:47 ` [PATCH] Jan Engelhardt
2007-04-01 20:07 ` [PATCH] Kyle Moffett
2007-04-01 23:03 ` [PATCH] Andi Kleen
2007-12-03 15:54 [PATCH] Andries E. Brouwer
2007-12-03 17:06 ` [PATCH] Alan Cox
2008-10-15 7:03 [PATCH] Tim Shimmin
2009-04-07 16:20 [PATCH] Christoph Hellwig
2010-08-14 12:43 [PATCH] Sam Ravnborg
2010-09-19 2:25 [PATCH] Junio C Hamano
2010-09-19 9:54 ` [PATCH] Sam Ravnborg
2010-09-19 18:21 ` [PATCH] Junio C Hamano
2010-09-19 19:31 ` [PATCH] Sam Ravnborg
2010-09-20 12:11 ` [PATCH] Michal Marek
2011-08-11 21:29 [PATCH] Rafael J. Wysocki
2012-03-04 20:34 [PATCH] Stefan Richter
2012-03-04 20:36 ` [PATCH] Stefan Richter
2013-12-24 15:45 [PATCH] Evan Hosseini
2014-01-09 18:27 ` [PATCH] Greg KH
2017-07-09 23:35 [PATCH] armetallica
2017-07-20 15:06 ` [PATCH] Mauro Carvalho Chehab
2017-07-09 23:58 [PATCH] armetallica
2017-07-09 23:54 ` [PATCH] Kershner, David A
2022-02-02 21:26 [PATCH] Sergey Shtylyov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.21.0011080005410.1628-200000@tricky \
--to=dake@staszic.waw.pl \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).