Re: [PATCH] scsi: aacraid: Fix memory leak in open_getadapter_fib function

[Bart Van Assche]

On 9/3/24 11:54 AM, Riyan Dhiman wrote:
> In the open_getadapter_fib() function, memory allocated for the fibctx structure
> was not freed when copy_to_user() failed. This can lead to memory leaks as the
> allocated memory remains unreferenced and cannot be reclaimed.
>
> This patch ensures that the allocated memory for fibctx is properly
> freed if copy_to_user() fails, thereby preventing potential memory leaks.

What made you analyze the code modified by this patch?

How has this patch been tested?

> Changes:
> - Added kfree(fibctx); to release memory when copy_to_user() fails.

Changes compared to what? I don't see a version number in the email
subject.

> @@ -220,6 +220,7 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg)
>   		if (copy_to_user(arg, &fibctx->unique,
>   						sizeof(fibctx->unique))) {
>   			status = -EFAULT;
> +			kfree(fibctx);
>   		} else {
>   			status = 0;
>   		}

Just above the copy_to_user() call there is the following statement:

	list_add_tail(&fibctx->next, &dev->fib_list);

Does that mean that the above kfree() will cause list corruption?

Bart.