[Bug 60649] New: mpt3sas/mpt3sas_scsih.c: mem leak on error path

bugzilla-daemon@xxxxxxxxxxxxxxxxxxx · Mon, 29 Jul 2013 20:18:11 +0000

https://bugzilla.kernel.org/show_bug.cgi?id=60649

            Bug ID: 60649
           Summary: mpt3sas/mpt3sas_scsih.c: mem leak on error path
           Product: SCSI Drivers
           Version: 2.5
    Kernel Version: 3.11rc2
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
          Assignee: scsi_drivers-other@xxxxxxxxxxxxxxxxxxxx
          Reporter: mikko.rapeli@xxxxxx
        Regression: No

Coverity reports in CID 751482:

2510mpt3sas_send_trigger_data_event(struct MPT3SAS_ADAPTER *ioc,
2511        struct SL_WH_TRIGGERS_EVENT_DATA_T *event_data)
2512{
2513        struct fw_event_work *fw_event;
2514
        1. Condition "ioc->is_driver_loading", taking false branch
2515        if (ioc->is_driver_loading)
2516                return;
        2. alloc_fn: Storage is returned from allocation function
"kzalloc(size_t, gfp_t)". [show details]
        3. var_assign: Assigning: "fw_event" = storage returned from
"kzalloc(352UL, 32U)".
2517        fw_event = kzalloc(sizeof(struct fw_event_work), GFP_ATOMIC);
        4. Condition "!fw_event", taking false branch
2518        if (!fw_event)
2519                return;
2520        fw_event->event_data = kzalloc(sizeof(*event_data), GFP_ATOMIC);
        5. Condition "!fw_event->event_data", taking true branch
2521        if (!fw_event->event_data)

CID 751482 (#1 of 1): Resource leak (RESOURCE_LEAK)
6. leaked_storage: Variable "fw_event" going out of scope leaks the storage it
points to.
2522                return;

Fix should be something like:

--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
@@ -2518,8 +2518,10 @@ mpt3sas_send_trigger_data_event(struct MPT3SAS_ADAPTER
*ioc,
        if (!fw_event)
                return;
        fw_event->event_data = kzalloc(sizeof(*event_data), GFP_ATOMIC);
-       if (!fw_event->event_data)
+       if (!fw_event->event_data) {
+               kfree(fw_event);
                return;
+       }
        fw_event->event = MPT3SAS_PROCESS_TRIGGER_DIAG;
        fw_event->ioc = ioc;
        memcpy(fw_event->event_data, event_data, sizeof(*event_data));

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







