Re: two leaks in scsi_alloc_sdev failure paths

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Brian King <brking@us.ibm.com>
To: Dave Jones <davej@redhat.com>
Cc: linux-scsi@vger.kernel.org
Subject: Re: two leaks in scsi_alloc_sdev failure paths
Date: Thu, 09 Mar 2006 09:07:34 -0600	[thread overview]
Message-ID: <441044B6.3000802@us.ibm.com> (raw)
In-Reply-To: <20060309033620.GA19906@redhat.com>

Dave Jones wrote:
> If the scsi_alloc_queue or the slave_alloc calls in scsi_alloc_device fail,
> we forget to release the locally allocated sdev on the failure path.

Actually, I think the slave_alloc failure path works today, and this patch
breaks it. Today, in the slave_alloc failure path, the release function called
as a result of the put_device in out_device_destroy should end up freeing the
sdev. Your patch will result in a double free in this path.

> --- linux-2.6/drivers/scsi/scsi_scan.c~	2006-03-08 22:28:50.000000000 -0500
> +++ linux-2.6/drivers/scsi/scsi_scan.c	2006-03-08 22:31:38.000000000 -0500
> @@ -252,7 +252,7 @@ static struct scsi_device *scsi_alloc_sd
>  		/* release fn is set up in scsi_sysfs_device_initialise, so
>  		 * have to free and put manually here */
>  		put_device(&starget->dev);
> -		goto out;
> +		goto out_free;

Rather than this change, I think just adding a kfree(sdev) before the goto out would
accomplish what you want.

Brian

-- 
Brian King
eServer Storage I/O
IBM Linux Technology Center

next prev parent reply	other threads:[~2006-03-09 15:07 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-03-09  3:36 two leaks in scsi_alloc_sdev failure paths Dave Jones
2006-03-09 15:07 ` Brian King [this message]
2006-03-09 15:21   ` Dave Jones

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=441044B6.3000802@us.ibm.com \
    --to=brking@us.ibm.com \
    --cc=davej@redhat.com \
    --cc=linux-scsi@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.