Re: [PATCH] [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sven Schnelle <svens@bitebene.org>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Boaz Harrosh <bharrosh@panasas.com>,
	linux-kernel@vger.kernel.org,
	linux-scsi <linux-scsi@vger.kernel.org>,
	FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Subject: Re: [PATCH] [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference
Date: Mon, 10 Mar 2008 22:50:04 +0100	[thread overview]
Message-ID: <86zlt68d0z.fsf@deprecated.bitebene.org> (raw)
In-Reply-To: <1205183577.2941.38.camel@localhost.localdomain> (James Bottomley's message of "Mon, 10 Mar 2008 16:12:57 -0500")

James Bottomley <James.Bottomley@HansenPartnership.com> writes:

> On Mon, 2008-03-10 at 17:20 +0200, Boaz Harrosh wrote:
>> James and linux-scsi CCed.
>
> Looks fine .. could someone send the patch in an applyable form (i.e.
> not quoted).

Sure:

Fix NULL pointer dereference during execution of Internal commands,
where gdth only allocates scp, but not scp->sense_buffer. The rest of
the code assumes that sense_buffer is allocated, which leads to a kernel
oops e.g. on reboot (during cache flush).

Signed-off-by: Sven Schnelle <svens@stackframe.org>
---
 drivers/scsi/gdth.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
index 27ebd33..0b2080d 100644
--- a/drivers/scsi/gdth.c
+++ b/drivers/scsi/gdth.c
@@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
     if (!scp)
         return -ENOMEM;
 
+    scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL);
+    if (!scp->sense_buffer) {
+	kfree(scp);
+	return -ENOMEM;
+    }
+
     scp->device = sdev;
     memset(&cmndinfo, 0, sizeof(cmndinfo));
 
@@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
     rval = cmndinfo.status;
     if (info)
         *info = cmndinfo.info;
+    kfree(scp->sense_buffer);
     kfree(scp);
     return rval;
 }
-- 
1.5.4.3

next prev parent reply	other threads:[~2008-03-10 21:50 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-09 12:41 [PATCH] [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference Sven Schnelle
2008-03-10 15:20 ` Boaz Harrosh
2008-03-10 21:12   ` James Bottomley
2008-03-10 21:50     ` Sven Schnelle [this message]
2008-03-11 15:47       ` Boaz Harrosh
2008-03-11 16:16     ` Boaz Harrosh
2008-03-11 17:39       ` Matthew Dharm
2008-03-11 18:07       ` Alan Stern
2008-03-11 18:07         ` Alan Stern
2008-03-11 18:36         ` Boaz Harrosh
2008-03-11 19:18           ` Alan Stern
2008-03-11 19:18             ` Alan Stern
2008-03-12 13:07             ` Boaz Harrosh
2008-03-12 13:11               ` [PATCH] isd200: Allocate sense_buffer for hacked up scsi_cmnd Boaz Harrosh
2008-03-12 15:10                 ` Alan Stern
2008-03-12 15:10                   ` Alan Stern
2008-03-12 15:24                   ` [PATCH resend] " Boaz Harrosh
2008-03-12 16:54                     ` James Bottomley
2008-03-12 17:05                       ` Boaz Harrosh
2008-03-12 17:20                         ` [PATCH ver3] " Boaz Harrosh
2008-03-13 20:01                           ` Andrew Morton
2008-03-13 20:16                             ` James Bottomley
2008-03-12 13:55               ` [PATCH] isd200: Fix memory leak in isd200_get_inquiry_data Boaz Harrosh
2008-03-12 15:11                 ` Alan Stern
2008-03-12 15:11                   ` Alan Stern
2008-03-12 15:08               ` [PATCH] [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference Alan Stern
2008-03-12 15:08                 ` Alan Stern

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:27ebd33 dfblob:0b2080d )
 OR (
bs:"Re: [PATCH] [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=86zlt68d0z.fsf@deprecated.bitebene.org \
    --to=svens@bitebene.org \
    --cc=James.Bottomley@HansenPartnership.com \
    --cc=bharrosh@panasas.com \
    --cc=fujita.tomonori@lab.ntt.co.jp \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.