* [2.4] Memleak/unchecked user access in Megaraid driver?
@ 2003-03-12 20:59 Oleg Drokin
From: Oleg Drokin @ 2003-03-12 20:59 UTC (permalink / raw)
To: alan, linux-kernel, Matt_Domsch
Hello!
Seems there is a memleak on the exit path and unchecked access to user addresses
in the megaraid driver from 2.4-current.
Probably something like the following patch should be applied (probably
somebody should review it first anyway, I do not have the ability to test it,
but it looks correct to me).
Found with the help of smatch + enhanced unfree script.
Bye,
Oleg
===== drivers/scsi/megaraid.c 1.21 vs edited =====
--- 1.21/drivers/scsi/megaraid.c Fri Dec 13 12:29:59 2002
+++ edited/drivers/scsi/megaraid.c Wed Mar 12 23:59:09 2003
@@ -4895,19 +4895,18 @@
if( kvaddr == NULL ) {
printk(KERN_WARNING "megaraid:allocation failed\n");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0) /*0x20400 */
- kfree(scsicmd);
-#else
- scsi_init_free((char *)scsicmd, sizeof(Scsi_Cmnd));
-#endif
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto out;
}
ioc.ui.fcs.buffer = kvaddr;
if (inlen) {
/* copyin the user data */
- copy_from_user(kvaddr, (char *)uaddr, length );
+ if (copy_from_user(kvaddr, (char *)uaddr, length )) {
+ ret = -EFAULT;
+ goto out;
+ }
}
}
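Review bot: In the kvaddr == NULL branch, the removed lines freed scsicmd (kfree, or scsi_init_free on pre-2.4 kernels) before returning, and the new "goto out" no longer does that itself. The only cleanup the patch shows after the out: label is dma_free_consistent() of kvaddr, so please confirm that the code following out: also frees scsicmd and keeps the same LINUX_VERSION_CODE conditional; otherwise this branch turns a correct free into a leak. The new copy_from_user() check returning -EFAULT looks right, but it relies on the same out: path freeing both kvaddr and scsicmd. A declaration of ret is not visible in any hunk and needs to be part of the patch.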
@@ -4925,7 +4924,8 @@
if( !scsicmd->result && outlen ) {
if (copy_to_user(uaddr, kvaddr, length))
- return -EFAULT;
+ ret = -EFAULT;
+ goto out;
}
/*
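Review bot: The inner "if (copy_to_user(uaddr, kvaddr, length))" has no braces, so only "ret = -EFAULT;" is conditional and the added "goto out;" runs every time the outer "if( !scsicmd->result && outlen )" block is entered. A successful copy-out would then jump straight to the label and skip everything between here and out:, including the put_user() of scsicmd->result into uioc->mbox[17] shown in the next hunk. Wrap the two added statements in braces so the jump happens only when copy_to_user() fails.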
@@ -4944,6 +4944,7 @@
put_user (scsicmd->result, &uioc->mbox[17]);
}
+out:
if (kvaddr) {
dma_free_consistent(pdevp, length, kvaddr, dma_addr);
}
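Review bot: The context line "put_user (scsicmd->result, &uioc->mbox[17]);" directly above the new out: label still ignores its return value, which is the same unchecked user access the patch fixes for copy_from_user(); consider setting ret = -EFAULT when it fails. The lines after the cleanup are not shown, so also check that the function ends with "return ret;" and that ret is initialised to the success value, otherwise the error codes assigned before each "goto out" are lost or the success path returns garbage.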