Re: [PATCH] scsi: aacraid: Fix memory leak in open_getadapter_fib function

From: Bart Van Assche
Date: Tue Sep 03 2024 - 15:19:14 EST


On 9/3/24 11:54 AM, Riyan Dhiman wrote:
> In the open_getadapter_fib() function, memory allocated for the fibctx structure
> was not freed when copy_to_user() failed. This can lead to memory leaks as the
> allocated memory remains unreferenced and cannot be reclaimed.
>
> This patch ensures that the allocated memory for fibctx is properly
> freed if copy_to_user() fails, thereby preventing potential memory leaks.

What made you analyze the code modified by this patch?

How has this patch been tested?

> Changes:
> - Added kfree(fibctx); to release memory when copy_to_user() fails.

Changes compared to what? I don't see a version number in the email
subject.

@@ -220,6 +220,7 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg)
if (copy_to_user(arg, &fibctx->unique,
sizeof(fibctx->unique))) {
status = -EFAULT;
+ kfree(fibctx);
} else {
status = 0;
}
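
Review bot: the kfree(fibctx) added in the -EFAULT branch frees a context that is already linked on dev->fib_list, going by the list_add_tail(&fibctx->next, &dev->fib_list) statement quoted later in this reply, so the list is left holding a pointer to freed memory. Unlink the entry before freeing it (a list_del(&fibctx->next) ahead of the kfree()), or do the copy_to_user() before the context is added to the list, and state in the commit message how the failure path was exercised.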

Just above the copy_to_user() call there is the following statement:

list_add_tail(&fibctx->next, &dev->fib_list);

Does that mean that the above kfree() will cause list corruption?

Bart.