[PATCH] scsi: megaraid_mm: do not access uninit kioc_list members

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



adapter->kioc_list is allocated using kmalloc_array() so its values are
left uninitialized. In a rare OOM case when dma_pool_alloc() fails in
mraid_mm_register_adp(), we should free the already allocated DMA pools
but comparing kioc->pthru32 with NULL doesn't guard from accessing uninit
memory.

Properly roll back in error case: free array members with lower indices.

Found by Linux Verification Center (linuxtesting.org).

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Fedor Pchelkin <pchelkin@xxxxxxxxx>
---
 drivers/scsi/megaraid/megaraid_mm.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/drivers/scsi/megaraid/megaraid_mm.c b/drivers/scsi/megaraid/megaraid_mm.c
index c509440bd161..701eb5ee2a69 100644
--- a/drivers/scsi/megaraid/megaraid_mm.c
+++ b/drivers/scsi/megaraid/megaraid_mm.c
@@ -1001,12 +1001,10 @@ mraid_mm_register_adp(mraid_mmadp_t *lld_adp)
 
 pthru_dma_pool_error:
 
-	for (i = 0; i < lld_adp->max_kioc; i++) {
+	while (--i >= 0) {
 		kioc = adapter->kioc_list + i;
-		if (kioc->pthru32) {
-			dma_pool_free(adapter->pthru_dma_pool, kioc->pthru32,
-				kioc->pthru32_h);
-		}
+		dma_pool_free(adapter->pthru_dma_pool, kioc->pthru32,
+			kioc->pthru32_h);
 	}
 
 memalloc_error:
-- 
2.43.0





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux