When the scatter list is allocated in 'pmcraid_alloc_sglist()', the
corresponding pointer should be stored in 'scatterlist' within the
'pmcraid_sglist' structure. Otherwise, 'scatterlist' is NULL.
This leads to a potential memory leak and NULL pointer dereference.
Fixes: ed4414cef2ad ("scsi: pmcraid: Use sgl_alloc_order() and sgl_free_order()")
Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
---
This patch is completely speculative and untested.
Should it be correct, I think that their should be some trouble somewhere.
Either NULL pointer dereference or incorrect behavior.
The patch that introduced this potential bug is from 2018-02. So, this
should have been spotted earlier.
So unless this driver is mostly unused, this looks odd to me.
Feedback appreciated.
Review with care!
v2: synch with -next-20220110
---
drivers/scsi/pmcraid.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c
index 928532180d32..e314ea133827 100644
--- a/drivers/scsi/pmcraid.c
+++ b/drivers/scsi/pmcraid.c
@@ -3221,8 +3221,9 @@ static struct pmcraid_sglist *pmcraid_alloc_sglist(int buflen)
return NULL;
sglist->order = order;
- sgl_alloc_order(buflen, order, false, GFP_KERNEL | __GFP_ZERO,
- &sglist->num_sg);
+ sglist->scatterlist = sgl_alloc_order(buflen, order, false,
+ GFP_KERNEL | __GFP_ZERO,
+ &sglist->num_sg);
return sglist;
}
--
2.32.0
