* [2.4] Memleak/unchecked user access in Megaraid driver?
@ 2003-03-12 20:59 Oleg Drokin
0 siblings, 0 replies; only message in thread
From: Oleg Drokin @ 2003-03-12 20:59 UTC (permalink / raw)
To: alan, linux-kernel, Matt_Domsch
Hello!
Seems there is a memleak on exit path and unchecked user addresses access
in megaraid driver from 2.4-current.
Probably something like following patch should be applied (probably
somebody should review it first anyway, I do not have ability to test it,
but it looks correct to me).
Found with help of smatch + enhanced unfree script.
Bye,
Oleg
===== drivers/scsi/megaraid.c 1.21 vs edited =====
--- 1.21/drivers/scsi/megaraid.c Fri Dec 13 12:29:59 2002
+++ edited/drivers/scsi/megaraid.c Wed Mar 12 23:59:09 2003
@@ -4895,19 +4895,18 @@
if( kvaddr == NULL ) {
printk(KERN_WARNING "megaraid:allocation failed\n");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0) /*0x20400 */
- kfree(scsicmd);
-#else
- scsi_init_free((char *)scsicmd, sizeof(Scsi_Cmnd));
-#endif
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto out;
}
ioc.ui.fcs.buffer = kvaddr;
if (inlen) {
/* copyin the user data */
- copy_from_user(kvaddr, (char *)uaddr, length );
+ if (copy_from_user(kvaddr, (char *)uaddr, length )) {
+ ret = -EFAULT;
+ goto out;
+ }
}
}
@@ -4925,7 +4924,8 @@
if( !scsicmd->result && outlen ) {
if (copy_to_user(uaddr, kvaddr, length))
- return -EFAULT;
+ ret = -EFAULT;
+ goto out;
}
/*
@@ -4944,6 +4944,7 @@
put_user (scsicmd->result, &uioc->mbox[17]);
}
+out:
if (kvaddr) {
dma_free_consistent(pdevp, length, kvaddr, dma_addr);
}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2003-03-12 20:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-03-12 20:59 [2.4] Memleak/unchecked user access in Megaraid driver? Oleg Drokin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox