From: Jesper Juhl <jj@xxxxxxxxxxxxx> Subject: drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb() We leak in drivers/scsi/aacraid/commctrl.c::aac_send_raw_srb() : We allocate memory: ... struct user_sgmap* usg; usg = kmalloc(actual_fibsize - sizeof(struct aac_srb) + sizeof(struct sgmap), GFP_KERNEL); and then neglect to free it: ... for (i = 0; i < usg->count; i++) { u64 addr; void* p; if (usg->sg[i].count > ((dev->adapter_info.options & AAC_OPT_NEW_COMM) ? (dev->scsi_host_ptr->max_sectors << 9) : 65536)) { rcode = -EINVAL; goto cleanup; ... this 'goto' makes 'usg' go out of scope and leak the memory we allocated. Other exits properly kfree(usg), it's just here it is neglected. Signed-off-by: Jesper Juhl <jj@xxxxxxxxxxxxx> Cc: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> Acked-by: Mark Salyzyn <mark_salyzyn@xxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- drivers/scsi/aacraid/commctrl.c | 1 + 1 file changed, 1 insertion(+) diff -puN drivers/scsi/aacraid/commctrl.c~drivers-scsi-aacraid-commctrlc-fix-mem-leak-in-aac_send_raw_srb drivers/scsi/aacraid/commctrl.c --- a/drivers/scsi/aacraid/commctrl.c~drivers-scsi-aacraid-commctrlc-fix-mem-leak-in-aac_send_raw_srb +++ a/drivers/scsi/aacraid/commctrl.c @@ -650,6 +650,7 @@ static int aac_send_raw_srb(struct aac_d AAC_OPT_NEW_COMM) ? (dev->scsi_host_ptr->max_sectors << 9) : 65536)) { + kfree(usg); rcode = -EINVAL; goto cleanup; } _ -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html