]> git.proxmox.com Git - mirror_ubuntu-disco-kernel.git/commit
drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb()
authorJesper Juhl <jj@chaosbits.net>
Sun, 8 Jan 2012 21:44:19 +0000 (22:44 +0100)
committerLinus Torvalds <torvalds@linux-foundation.org>
Sun, 8 Jan 2012 22:15:21 +0000 (14:15 -0800)
commit7dd72f5189b257f927cc3b35d98643a5c392f5c3
treecce91f10a85be94d7a1ee21ead4547642f6f6336
parent48fa57ac2c30a8a0b770b7ad50b4b30c1d12f005
drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb()

We leak in drivers/scsi/aacraid/commctrl.c::aac_send_raw_srb() :

We allocate memory:

...
struct user_sgmap* usg;
usg = kmalloc(actual_fibsize - sizeof(struct aac_srb)
  + sizeof(struct sgmap), GFP_KERNEL);

and then neglect to free it:

...
for (i = 0; i < usg->count; i++) {
u64 addr;
void* p;
if (usg->sg[i].count >
    ((dev->adapter_info.options &
     AAC_OPT_NEW_COMM) ?
      (dev->scsi_host_ptr->max_sectors << 9) :
      65536)) {
rcode = -EINVAL;
goto cleanup;
... this 'goto' makes 'usg' go out of scope and leak the memory we
    allocated.

Other exits properly kfree(usg), it's just here it is neglected.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/scsi/aacraid/commctrl.c