> -----Original Message----- > From: Julia Lawall [mailto:julia@xxxxxxx] > Sent: Saturday, July 09, 2011 3:23 PM > To: Hank Janssen > Cc: kernel-janitors@xxxxxxxxxxxxxxx; Haiyang Zhang; Greg Kroah-Hartman; KY > Srinivasan; Abhishek Kane (Mindtree Consulting PVT LTD); > devel@xxxxxxxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx > Subject: [PATCH] drivers/staging/hv/blkvsc_drv.c: eliminate NULL pointer > dereference > > From: Julia Lawall <julia@xxxxxxx> > > In this code, blkvsc_req is allocated in the cache blkdev->request_pool, > but freed in the first case to the cache blkvsc_req->dev->request_pool. > blkvsc_req->dev is subsequently initialized to blkdev, making these the > same at the second call to kmem_cache_free. But at the point of the first > call, blkvsc_req->dev is NULL. The second call is changed too, for > uniformity. > > The semantic patch that fixes this problem is as follows: > (http://coccinelle.lip6.fr/) > > // <smpl> > @@ > expression x,e,e1,e2,e3; > @@ > > x = \(kmem_cache_alloc\|kmem_cache_zalloc\)(e1,e2) > ... when != x = e > ( > kmem_cache_free(e1,x); > | > ?-kmem_cache_free(e3,x); > +kmem_cache_free(e1,x); > ) > // </smpl> > > Signed-off-by: Julia Lawall <julia@xxxxxxx> > > --- > drivers/staging/hv/blkvsc_drv.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff -u -p a/drivers/staging/hv/blkvsc_drv.c b/drivers/staging/hv/blkvsc_drv.c > --- a/drivers/staging/hv/blkvsc_drv.c > +++ b/drivers/staging/hv/blkvsc_drv.c > @@ -325,7 +325,7 @@ static int blkvsc_do_operation(struct bl > > page_buf = alloc_page(GFP_KERNEL); > if (!page_buf) { > - kmem_cache_free(blkvsc_req->dev->request_pool, > blkvsc_req); > + kmem_cache_free(blkdev->request_pool, blkvsc_req); > return -ENOMEM; > } 
> > @@ -422,7 +422,7 @@ cleanup: > > __free_page(page_buf); > > - kmem_cache_free(blkvsc_req->dev->request_pool, blkvsc_req); > + kmem_cache_free(blkdev->request_pool, blkvsc_req); > > return ret; > } >

Thank you for catching this. As you know, this driver is going away. Some weeks ago, I had submitted patches to handle the IDE devices (the ones currently handled by this driver) with the stor driver. Greg, I am in the process of re-spinning all the patches I had sent in June, based on your comments last week. If you are going to be applying this patch, please let me know; I can locally apply this and correctly re-base my patches.

Regards,
K. Y
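Review bot: in the first hunk (blkvsc_do_operation, alloc_page failure path), the root cause is that blkvsc_req->dev is still NULL when the request is freed, so switching to blkdev->request_pool is the right minimal fix; since the commit message says dev is only assigned later, consider also setting blkvsc_req->dev = blkdev immediately after the kmem_cache_alloc so that any future early-exit path cannot reintroduce the same NULL dereference.

Review bot: the second hunk (context label cleanup: at line 422) is a behaviour-neutral uniformity change by the commit message's own account, because blkvsc_req->dev already equals blkdev at that point; the hunk header shows the label rather than the enclosing function, so please confirm in the full file that this cleanup: block is inside the function where blkdev is in scope, otherwise the change will not compile. Stating in the commit message that only the first hunk changes behaviour would also help anyone backporting the NULL-dereference fix.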