From: Sven Schnelle <svens@bitebene.org>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Boaz Harrosh <bharrosh@panasas.com>,
linux-kernel@vger.kernel.org,
linux-scsi <linux-scsi@vger.kernel.org>,
FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Subject: Re: [PATCH] [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference
Date: Mon, 10 Mar 2008 22:50:04 +0100 [thread overview]
Message-ID: <86zlt68d0z.fsf@deprecated.bitebene.org> (raw)
In-Reply-To: <1205183577.2941.38.camel@localhost.localdomain> (James Bottomley's message of "Mon, 10 Mar 2008 16:12:57 -0500")
James Bottomley <James.Bottomley@HansenPartnership.com> writes:
> On Mon, 2008-03-10 at 17:20 +0200, Boaz Harrosh wrote:
>> James and linux-scsi CCed.
>
> Looks fine .. could someone send the patch in an applyable form (i.e.
> not quoted).
Sure:
Fix NULL pointer dereference during execution of Internal commands,
where gdth only allocates scp, but not scp->sense_buffer. The rest of
the code assumes that sense_buffer is allocated, which leads to a kernel
oops e.g. on reboot (during cache flush).
Signed-off-by: Sven Schnelle <svens@stackframe.org>
---
drivers/scsi/gdth.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
index 27ebd33..0b2080d 100644
--- a/drivers/scsi/gdth.c
+++ b/drivers/scsi/gdth.c
@@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
if (!scp)
return -ENOMEM;
+ scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL);
+ if (!scp->sense_buffer) {
+ kfree(scp);
+ return -ENOMEM;
+ }
+
scp->device = sdev;
memset(&cmndinfo, 0, sizeof(cmndinfo));
@@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
rval = cmndinfo.status;
if (info)
*info = cmndinfo.info;
+ kfree(scp->sense_buffer);
kfree(scp);
return rval;
}
--
1.5.4.3
next prev parent reply other threads:[~2008-03-10 22:15 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-09 12:41 [PATCH] [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference Sven Schnelle
2008-03-10 15:20 ` Boaz Harrosh
2008-03-10 21:12 ` James Bottomley
2008-03-10 21:50 ` Sven Schnelle [this message]
2008-03-11 15:47 ` Boaz Harrosh
2008-03-11 16:16 ` Boaz Harrosh
2008-03-11 17:39 ` Matthew Dharm
2008-03-11 18:07 ` Alan Stern
2008-03-11 18:36 ` Boaz Harrosh
2008-03-11 19:18 ` Alan Stern
2008-03-12 13:07 ` Boaz Harrosh
2008-03-12 13:11 ` [PATCH] isd200: Allocate sense_buffer for hacked up scsi_cmnd Boaz Harrosh
2008-03-12 15:10 ` Alan Stern
2008-03-12 15:24 ` [PATCH resend] " Boaz Harrosh
2008-03-12 16:54 ` James Bottomley
2008-03-12 17:05 ` Boaz Harrosh
2008-03-12 17:20 ` [PATCH ver3] " Boaz Harrosh
2008-03-13 20:01 ` Andrew Morton
2008-03-13 20:16 ` James Bottomley
2008-03-12 13:55 ` [PATCH] isd200: Fix memory leak in isd200_get_inquiry_data Boaz Harrosh
2008-03-12 15:11 ` Alan Stern
2008-03-12 15:08 ` [PATCH] [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference Alan Stern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86zlt68d0z.fsf@deprecated.bitebene.org \
--to=svens@bitebene.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=bharrosh@panasas.com \
--cc=fujita.tomonori@lab.ntt.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox