* [PATCH] megaraid_sas: fix memory leak if SGL has zero length entries
@ 2012-11-21 8:54 Bjørn Mork
2012-12-04 1:49 ` adam radford
2013-06-29 14:15 ` Bjørn Mork
0 siblings, 2 replies; 3+ messages in thread
From: Bjørn Mork @ 2012-11-21 8:54 UTC (permalink / raw)
To: Neela Syam Kolli
Cc: James E.J. Bottomley, linux-scsi, Bjørn Mork, stable
commit 98cb7e44 ([SCSI] megaraid_sas: Sanity check user
supplied length before passing it to dma_alloc_coherent())
introduced a memory leak. Memory allocated for entries
following zero length SGL entries will not be freed.
Reference: http://bugs.debian.org/688198
Cc: <stable@vger.kernel.org>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
---
drivers/scsi/megaraid/megaraid_sas_base.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index d2c5366..12b6be4 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -4854,10 +4854,12 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance,
sense, sense_handle);
}
- for (i = 0; i < ioc->sge_count && kbuff_arr[i]; i++) {
- dma_free_coherent(&instance->pdev->dev,
- kern_sge32[i].length,
- kbuff_arr[i], kern_sge32[i].phys_addr);
+ for (i = 0; i < ioc->sge_count; i++) {
+ if (kbuff_arr[i])
+ dma_free_coherent(&instance->pdev->dev,
+ kern_sge32[i].length,
+ kbuff_arr[i],
+ kern_sge32[i].phys_addr);
}
megasas_return_cmd(instance, cmd);
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] megaraid_sas: fix memory leak if SGL has zero length entries
2012-11-21 8:54 [PATCH] megaraid_sas: fix memory leak if SGL has zero length entries Bjørn Mork
@ 2012-12-04 1:49 ` adam radford
2013-06-29 14:15 ` Bjørn Mork
1 sibling, 0 replies; 3+ messages in thread
From: adam radford @ 2012-12-04 1:49 UTC (permalink / raw)
To: Bjørn Mork
Cc: Neela Syam Kolli, James E.J. Bottomley, linux-scsi, stable
On Wed, Nov 21, 2012 at 12:54 AM, Bjørn Mork <bjorn@mork.no> wrote:
> commit 98cb7e44 ([SCSI] megaraid_sas: Sanity check user
> supplied length before passing it to dma_alloc_coherent())
> introduced a memory leak. Memory allocated for entries
> following zero length SGL entries will not be freed.
>
> Reference: http://bugs.debian.org/688198
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Bjørn Mork <bjorn@mork.no>
> ---
> drivers/scsi/megaraid/megaraid_sas_base.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
> index d2c5366..12b6be4 100644
> --- a/drivers/scsi/megaraid/megaraid_sas_base.c
> +++ b/drivers/scsi/megaraid/megaraid_sas_base.c
> @@ -4854,10 +4854,12 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance,
> sense, sense_handle);
> }
>
> - for (i = 0; i < ioc->sge_count && kbuff_arr[i]; i++) {
> - dma_free_coherent(&instance->pdev->dev,
> - kern_sge32[i].length,
> - kbuff_arr[i], kern_sge32[i].phys_addr);
> + for (i = 0; i < ioc->sge_count; i++) {
> + if (kbuff_arr[i])
> + dma_free_coherent(&instance->pdev->dev,
> + kern_sge32[i].length,
> + kbuff_arr[i],
> + kern_sge32[i].phys_addr);
> }
>
> megasas_return_cmd(instance, cmd);
Acked-by: Adam Radford <aradford@gmail.com>
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] megaraid_sas: fix memory leak if SGL has zero length entries
2012-11-21 8:54 [PATCH] megaraid_sas: fix memory leak if SGL has zero length entries Bjørn Mork
2012-12-04 1:49 ` adam radford
@ 2013-06-29 14:15 ` Bjørn Mork
1 sibling, 0 replies; 3+ messages in thread
From: Bjørn Mork @ 2013-06-29 14:15 UTC (permalink / raw)
To: Neela Syam Kolli; +Cc: James E.J. Bottomley, linux-scsi, stable, Adam Radford
Bjørn Mork <bjorn@mork.no> writes:
> commit 98cb7e44 ([SCSI] megaraid_sas: Sanity check user
> supplied length before passing it to dma_alloc_coherent())
> introduced a memory leak. Memory allocated for entries
> following zero length SGL entries will not be freed.
>
> Reference: http://bugs.debian.org/688198
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Bjørn Mork <bjorn@mork.no>
> ---
> drivers/scsi/megaraid/megaraid_sas_base.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
> index d2c5366..12b6be4 100644
> --- a/drivers/scsi/megaraid/megaraid_sas_base.c
> +++ b/drivers/scsi/megaraid/megaraid_sas_base.c
> @@ -4854,10 +4854,12 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance,
> sense, sense_handle);
> }
>
> - for (i = 0; i < ioc->sge_count && kbuff_arr[i]; i++) {
> - dma_free_coherent(&instance->pdev->dev,
> - kern_sge32[i].length,
> - kbuff_arr[i], kern_sge32[i].phys_addr);
> + for (i = 0; i < ioc->sge_count; i++) {
> + if (kbuff_arr[i])
> + dma_free_coherent(&instance->pdev->dev,
> + kern_sge32[i].length,
> + kbuff_arr[i],
> + kern_sge32[i].phys_addr);
> }
>
> megasas_return_cmd(instance, cmd);
This patch was acked by Adam Radford 4 Dec 2012:
http://permalink.gmane.org/gmane.linux.kernel.stable/36537
but it looks like it got lost somewhere after that.
Please let me know asap if it should be resent. I'm otherwise going to
clean it out of my todo queue.
Bjørn
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-06-29 14:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-11-21 8:54 [PATCH] megaraid_sas: fix memory leak if SGL has zero length entries Bjørn Mork
2012-12-04 1:49 ` adam radford
2013-06-29 14:15 ` Bjørn Mork
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).