From: Dan Carpenter <dan.carpenter@oracle.com>
To: Jing Huang <huangj@brocade.com>
Cc: Krishna C Gudipati <kgudipat@brocade.com>,
"James E.J. Bottomley" <JBottomley@parallels.com>,
linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: [patch -resend] [SCSI] bfa: dereferencing freed memory in bfad_im_probe()
Date: Wed, 27 Jun 2012 11:59:58 +0300 [thread overview]
Message-ID: <20120627085958.GB31212@elgon.mountain> (raw)
In-Reply-To: <20120627085800.GA3007@mwanda>
If bfad_thread_workq(bfad) was not BFA_STATUS_OK then we freed "im"
and then dereferenced it.
I did a little clean up because it seemed nicer to return directly
instead of doing a superfluous goto. I looked at other functions in
this file and it seems like returning directly is standard.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
This is the third time I have sent this patch. It was previously sent
on Fri, 29 Jul 2011 and Wed, 29 Feb 2012.
diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c
index 1ac09af..2eebf8d 100644
--- a/drivers/scsi/bfa/bfad_im.c
+++ b/drivers/scsi/bfa/bfad_im.c
@@ -687,25 +687,21 @@ bfa_status_t
bfad_im_probe(struct bfad_s *bfad)
{
struct bfad_im_s *im;
- bfa_status_t rc = BFA_STATUS_OK;
im = kzalloc(sizeof(struct bfad_im_s), GFP_KERNEL);
- if (im == NULL) {
- rc = BFA_STATUS_ENOMEM;
- goto ext;
- }
+ if (im == NULL)
+ return BFA_STATUS_ENOMEM;
bfad->im = im;
im->bfad = bfad;
if (bfad_thread_workq(bfad) != BFA_STATUS_OK) {
kfree(im);
- rc = BFA_STATUS_FAILED;
+ return BFA_STATUS_FAILED;
}
INIT_WORK(&im->aen_im_notify_work, bfad_aen_im_notify_handler);
-ext:
- return rc;
+ return BFA_STATUS_OK;
}
void
next prev parent reply other threads:[~2012-06-27 8:59 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20120627085800.GA3007@mwanda>
2012-06-27 8:59 ` [patch -resend] [SCSI] bfa: off by one in bfa_ioc_mbox_isr() Dan Carpenter
2012-06-27 17:44 ` Krishna Gudipati
2012-06-27 8:59 ` Dan Carpenter [this message]
2012-06-27 17:45 ` [patch -resend] [SCSI] bfa: dereferencing freed memory in bfad_im_probe() Krishna Gudipati
2012-06-27 9:00 ` [patch -resend] [SCSI] megaraid: remove a spurious IRQ enable Dan Carpenter
2012-06-27 22:36 ` adam radford
2012-06-27 9:00 ` [patch 1/2 -resend] SCSI: advansys: handle errors from scsi_dma_map() Dan Carpenter
2012-06-27 10:01 ` walter harms
2012-06-27 10:15 ` Dan Carpenter
2012-06-27 9:01 ` [patch 2/2 -resend] SCSI: advansys: use a subsystem error code Dan Carpenter
2012-06-27 9:04 ` [patch 1/3 -resend] [SCSI] pmcraid: remove unneeded check Dan Carpenter
2012-06-27 9:04 ` [patch 2/3 -resend] [SCSI] pmcraid: cpu_to_le32() => cpu_to_le64() Dan Carpenter
2012-06-27 9:04 ` [patch 3/3 -resend] [SCSI] pmcraid: find_first_zero_bit() takes bits not bytes Dan Carpenter
2012-06-27 9:05 ` [patch -resend] [SCSI] isci: add a couple __iomem annotations Dan Carpenter
2012-06-27 20:58 ` Dan Williams
2012-06-27 9:05 ` [SCSI] bfa: Implement LUN Masking feature using the SCSI Slave Callouts Dan Carpenter
2012-06-27 9:08 ` [patch -resend] [SCSI] megaraid: cleanup type issue in mega_build_cmd() Dan Carpenter
2012-06-27 22:36 ` adam radford
2012-06-27 9:10 ` [patch -resend] isci: make function declaration match implementation Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120627085958.GB31212@elgon.mountain \
--to=dan.carpenter@oracle.com \
--cc=JBottomley@parallels.com \
--cc=huangj@brocade.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=kgudipat@brocade.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox