Re: [PATCH] scsi: aacraid: Fix memory leak in open_getadapter_fib function

From: Bart Van Assche
Date: Tue Sep 03 2024 - 17:09:26 EST


On 9/3/24 1:30 PM, Riyan Dhiman wrote:
> > Just above the copy_to_user() call there is the following statement:
> >
> > list_add_tail(&fibctx->next, &dev->fib_list);
> >
> > Does that mean that the above kfree() will cause list corruption?
>
> Yes, you are correct. I overlooked that fibctx is part of a list, and freeing the
> memory without removing the list entry would corrupt the list.
> The list entry should be deleted before freeing the memory if copy_to_user() fails.

Are you sure that this is what the code should do?

Thanks,

Bart.
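The failure mode discussed above, as an added example that is not part of this thread or of the aacraid driver: a user-space C program with a small re-implementation of the kernel's list_head API and stand-ins for kfree() and copy_to_user(). The adapter and fib_ctx structs, sim_kfree(), sim_copy_to_user(), fib_list_audit() and run_scenario() are all constructed here; only the names fib_list and fibctx->next follow the thread. It runs the error path both as the patch had it (free while the entry is still on dev->fib_list) and with list_del() before the free, then walks the list to show which variant leaves a dangling entry.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Minimal intrusive doubly linked list modelled on <linux/list.h>,
 * re-implemented here so the example builds in user space. */
struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    struct list_head *last = head->prev;
    n->next = head;  n->prev = last;
    last->next = n;  head->prev = n;
}

static void list_del(struct list_head *e)
{
    e->prev->next = e->next;
    e->next->prev = e->prev;
    e->next = NULL;  e->prev = NULL;   /* the kernel poisons these instead */
}

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Hypothetical, simplified stand-ins for the driver's adapter and fib context. */
struct adapter { struct list_head fib_list; };
struct fib_ctx { unsigned int id; struct list_head next; };

/* Quarantine standing in for kfree(): the block is recorded rather than released,
 * so a later walk can detect a dangling entry without touching freed memory. */
#define MAX_FREED 16
static void *freed[MAX_FREED];
static int nfreed;

static void sim_kfree(void *p) { if (nfreed < MAX_FREED) freed[nfreed++] = p; }

static int is_freed(const void *p)
{
    for (int i = 0; i < nfreed; i++)
        if (freed[i] == p) return 1;
    return 0;
}

/* Simulated copy_to_user(): like the real one, returns the bytes NOT copied. */
static unsigned long sim_copy_to_user(int fail) { return fail ? sizeof(unsigned int) : 0; }

/* Error path shaped like the proposed patch: free while still linked. */
static int open_ctx_buggy(struct adapter *dev, unsigned int id, int copy_fails)
{
    struct fib_ctx *fibctx = malloc(sizeof(*fibctx));
    if (!fibctx) return -12;                   /* -ENOMEM */
    fibctx->id = id;
    list_add_tail(&fibctx->next, &dev->fib_list);
    if (sim_copy_to_user(copy_fails)) {
        sim_kfree(fibctx);                     /* BUG: dev->fib_list still links here */
        return -14;                            /* -EFAULT */
    }
    return 0;
}

/* Corrected error path: unlink the entry, then release the memory. */
static int open_ctx_fixed(struct adapter *dev, unsigned int id, int copy_fails)
{
    struct fib_ctx *fibctx = malloc(sizeof(*fibctx));
    if (!fibctx) return -12;
    fibctx->id = id;
    list_add_tail(&fibctx->next, &dev->fib_list);
    if (sim_copy_to_user(copy_fails)) {
        list_del(&fibctx->next);
        sim_kfree(fibctx);
        return -14;
    }
    return 0;
}

/* Walk dev->fib_list: returns the entry count, or -1 if an entry has already
 * been handed to kfree or the prev/next links disagree. */
static int fib_list_audit(struct adapter *dev)
{
    int count = 0;
    for (struct list_head *p = dev->fib_list.next; p != &dev->fib_list; p = p->next) {
        if (is_freed(container_of(p, struct fib_ctx, next)) || p->next->prev != p)
            return -1;
        count++;
    }
    return count;
}

/* Two successful opens, then one whose copy_to_user() fails; returns the audit
 * result (2 for the fixed path, -1 for the buggy one) after releasing all memory. */
static int run_scenario(int use_fixed)
{
    struct adapter dev;
    int (*open_ctx)(struct adapter *, unsigned int, int) =
        use_fixed ? open_ctx_fixed : open_ctx_buggy;
    INIT_LIST_HEAD(&dev.fib_list);
    nfreed = 0;
    open_ctx(&dev, 1, 0);
    open_ctx(&dev, 2, 0);
    open_ctx(&dev, 3, 1);
    int result = fib_list_audit(&dev);

    struct list_head *p = dev.fib_list.next;   /* free linked entries not yet quarantined */
    while (p != &dev.fib_list) {
        struct list_head *n = p->next;
        struct fib_ctx *ctx = container_of(p, struct fib_ctx, next);
        if (!is_freed(ctx)) free(ctx);
        p = n;
    }
    for (int i = 0; i < nfreed; i++) free(freed[i]);   /* then the quarantine */
    return result;
}

int main(void)
{
    printf("fixed error path: audit = %d\n", run_scenario(1));
    printf("buggy error path: audit = %d\n", run_scenario(0));
    return 0;
}
```

The quarantine replaces a real free() because walking a list that still points at released memory is undefined behaviour in user space; in the kernel the equivalent dangling entry surfaces at the next traversal of fib_list, typically as a slab-poison crash or a KASAN use-after-free report. The ordering the example enforces is the one Riyan states above: list_del() before kfree() on the copy_to_user() failure path.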