-----Original Message----- From: Dan Carpenter [mailto:dan.carpenter@xxxxxxxxxx] Sent: Wednesday, June 27, 2012 2:00 AM To: Jing Huang Cc: Krishna Gudipati; James E.J. Bottomley; linux-scsi@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; kernel-janitors@xxxxxxxxxxxxxxx Subject: [patch -resend] [SCSI] bfa: dereferencing freed memory in bfad_im_probe() If bfad_thread_workq(bfad) was not BFA_STATUS_OK then we freed "im" and then dereferenced it. I did a little clean up because it seemed nicer to return directly instead of doing a superfluous goto. I looked at other functions in this file and it seems like returning directly is standard. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> --- This is the third time I have sent this patch. It was previously sent on Fri, 29 Jul 2011 and Wed, 29 Feb 2012. diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c index 1ac09af..2eebf8d 100644 --- a/drivers/scsi/bfa/bfad_im.c +++ b/drivers/scsi/bfa/bfad_im.c @@ -687,25 +687,21 @@ bfa_status_t bfad_im_probe(struct bfad_s *bfad) { struct bfad_im_s *im; - bfa_status_t rc = BFA_STATUS_OK; im = kzalloc(sizeof(struct bfad_im_s), GFP_KERNEL); - if (im == NULL) { - rc = BFA_STATUS_ENOMEM; - goto ext; - } + if (im == NULL) + return BFA_STATUS_ENOMEM; bfad->im = im; im->bfad = bfad; if (bfad_thread_workq(bfad) != BFA_STATUS_OK) { kfree(im); - rc = BFA_STATUS_FAILED; + return BFA_STATUS_FAILED; } INIT_WORK(&im->aen_im_notify_work, bfad_aen_im_notify_handler); -ext: - return rc; + return BFA_STATUS_OK; } void ----- Thanks for the patch. Acked-by: Krishna Gudipati <kgudipat@xxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
