On Thu, 2012-02-23 at 17:28 -0800, Roland Dreier wrote: > From: Roland Dreier <roland@xxxxxxxxxxxxxxx> > > The function kzalloc()s sgl, but if page allocation fails, it never > frees sgl on the page_alloc_failed path. > > Signed-off-by: Roland Dreier <roland@xxxxxxxxxxxxxxx> > --- > drivers/target/iscsi/iscsi_target.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c > index 9cd2837..529bf3b 100644 > --- a/drivers/target/iscsi/iscsi_target.c > +++ b/drivers/target/iscsi/iscsi_target.c > @@ -830,6 +830,7 @@ page_alloc_failed: > __free_page(sg_page(&sgl[i])); > i--; > } > + kfree(sgl); > kfree(cmd->t_mem_sg); > cmd->t_mem_sg = NULL; > return -ENOMEM; This looks like a double free here on the second failure of iscsit_allocate_iovecs(). Fixing this up now to drop the extra bogus kfree(cmd->t_mem_sg) here.. --nab -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
