Hello!
Seems there is a memleak on exit path and unchecked user addresses access
in megaraid driver from 2.4-current.
Probably something like following patch should be applied (probably
somebody should review it first anyway, I do not have ability to test it,
but it looks correct to me).
Found with help of smatch + enhanced unfree script.
Bye,
Oleg
===== drivers/scsi/megaraid.c 1.21 vs edited =====
--- 1.21/drivers/scsi/megaraid.c Fri Dec 13 12:29:59 2002
+++ edited/drivers/scsi/megaraid.c Wed Mar 12 23:59:09 2003
@@ -4895,19 +4895,18 @@
if( kvaddr == NULL ) {
printk(KERN_WARNING "megaraid:allocation failed\n");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0) /*0x20400 */
- kfree(scsicmd);
-#else
- scsi_init_free((char *)scsicmd, sizeof(Scsi_Cmnd));
-#endif
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto out;
}
ioc.ui.fcs.buffer = kvaddr;
if (inlen) {
/* copyin the user data */
- copy_from_user(kvaddr, (char *)uaddr, length );
+ if (copy_from_user(kvaddr, (char *)uaddr, length )) {
+ ret = -EFAULT;
+ goto out;
+ }
}
}
@@ -4925,7 +4924,8 @@
if( !scsicmd->result && outlen ) {
if (copy_to_user(uaddr, kvaddr, length))
- return -EFAULT;
+ ret = -EFAULT;
+ goto out;
}
/*
@@ -4944,6 +4944,7 @@
put_user (scsicmd->result, &uioc->mbox[17]);
}
+out:
if (kvaddr) {
dma_free_consistent(pdevp, length, kvaddr, dma_addr);
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Mar 15 2003 - 22:00:32 EST