[PATCH 6/7] [PATCH] sg.c: fix a memory leak in devices seq

linux-scsi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 6/7] [PATCH] sg.c: fix a memory leak in devices seq_file implementation (2nd)
       [not found] <20050826191755.052951000@localhost.localdomain>
@ 2005-08-26 19:18 ` Chris Wright
  2005-08-27  2:19   ` James Bottomley
  0 siblings, 1 reply; 3+ messages in thread
From: Chris Wright @ 2005-08-26 19:18 UTC (permalink / raw)
  To: linux-kernel, stable, Ingo Oeser
  Cc: Justin Forbes, Zwane Mwaikambo, Theodore Ts'o, Randy Dunlap,
	Chuck Wolber, torvalds, akpm, alan, linux-scsi, Jan Blunck,
	Chris Wright

[-- Attachment #1: fix-memory-leak-in-sg.c-seq_file.patch --]
[-- Type: text/plain, Size: 2004 bytes --]

-stable review patch.  If anyone has any  objections, please let us know.
------------------

I know that scsi procfs is legacy code but this is a fix for a memory leak.

While reading through sg.c I realized that the implementation of
/proc/scsi/sg/devices with seq_file is leaking memory due to freeing the
pointer returned by the next() iterator method. Since next() might
return NULL or an error this is wrong. This patch fixes it through using
the seq_files private field for holding the reference to the iterator
object.

Here is a small bash script to trigger the leak. Use slabtop to watch
the size-32 usage grow and grow.

#!/bin/sh

while true; do
	cat /proc/scsi/sg/devices > /dev/null
done

Signed-off-by: Jan Blunck <j.blunck@tu-harburg.de>
Signed-off-by: Chris Wright <chrisw@osdl.org>
---
 drivers/scsi/sg.c |   15 ++++++++-------
 1 files changed, 8 insertions(+), 7 deletions(-)

Index: linux-2.6.12.y/drivers/scsi/sg.c
===================================================================
--- linux-2.6.12.y.orig/drivers/scsi/sg.c
+++ linux-2.6.12.y/drivers/scsi/sg.c
@@ -2969,23 +2969,22 @@ static void * dev_seq_start(struct seq_f
 {
 	struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL);
 
+	s->private = it;
 	if (! it)
 		return NULL;
+
 	if (NULL == sg_dev_arr)
-		goto err1;
+		return NULL;
 	it->index = *pos;
 	it->max = sg_last_dev();
 	if (it->index >= it->max)
-		goto err1;
+		return NULL;
 	return it;
-err1:
-	kfree(it);
-	return NULL;
 }
 
 static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos)
 {
-	struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
+	struct sg_proc_deviter * it = s->private;
 
 	*pos = ++it->index;
 	return (it->index < it->max) ? it : NULL;
@@ -2993,7 +2992,9 @@ static void * dev_seq_next(struct seq_fi
 
 static void dev_seq_stop(struct seq_file *s, void *v)
 {
-	kfree (v);
+	struct sg_proc_deviter * it = s->private;
+
+	kfree (it);
 }
 
 static int sg_proc_open_dev(struct inode *inode, struct file *file)

--

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 6/7] [PATCH] sg.c: fix a memory leak in devices seq_file implementation (2nd)
  2005-08-26 19:18 ` [PATCH 6/7] [PATCH] sg.c: fix a memory leak in devices seq_file implementation (2nd) Chris Wright
@ 2005-08-27  2:19   ` James Bottomley
  2005-09-25  3:50     ` Douglas Gilbert
  0 siblings, 1 reply; 3+ messages in thread
From: James Bottomley @ 2005-08-27  2:19 UTC (permalink / raw)
  To: Chris Wright
  Cc: Linux Kernel, stable, Ingo Oeser, Justin Forbes, Zwane Mwaikambo,
	Theodore Ts'o, Randy Dunlap, Chuck Wolber, Linus Torvalds,
	Andrew Morton, Alan Cox, SCSI Mailing List, Jan Blunck

On Fri, 2005-08-26 at 12:18 -0700, Chris Wright wrote:
> plain text document attachment (fix-memory-leak-in-sg.c-
> seq_file.patch)
> -stable review patch.  If anyone has any  objections, please let us know.

Looks fine to me.

James



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 6/7] [PATCH] sg.c: fix a memory leak in devices seq_file implementation (2nd)
  2005-08-27  2:19   ` James Bottomley
@ 2005-09-25  3:50     ` Douglas Gilbert
  0 siblings, 0 replies; 3+ messages in thread
From: Douglas Gilbert @ 2005-09-25  3:50 UTC (permalink / raw)
  To: James Bottomley
  Cc: Chris Wright, Linux Kernel, stable, Ingo Oeser, Justin Forbes,
	Zwane Mwaikambo, Theodore Ts'o, Randy Dunlap, Chuck Wolber,
	Linus Torvalds, Andrew Morton, Alan Cox, SCSI Mailing List,
	Jan Blunck

James Bottomley wrote:
> On Fri, 2005-08-26 at 12:18 -0700, Chris Wright wrote:
> 
>>plain text document attachment (fix-memory-leak-in-sg.c-
>>seq_file.patch)
>>-stable review patch.  If anyone has any  objections, please let us know.
> 
> 
> Looks fine to me.

James,
Please apply this patch, if you haven't already.

Signed-off-by: Douglas Gilbert <dougg@torque.net>

Doug Gilbert


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2005-09-25  3:49 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20050826191755.052951000@localhost.localdomain>
2005-08-26 19:18 ` [PATCH 6/7] [PATCH] sg.c: fix a memory leak in devices seq_file implementation (2nd) Chris Wright
2005-08-27  2:19   ` James Bottomley
2005-09-25  3:50     ` Douglas Gilbert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).