The patch titled
fix unlikely memory leak in DAC960 driver
has been removed from the -mm tree. Its filename is
fix-unlikely-memory-leak-in-dac960-driver.patch
This patch was probably dropped from -mm because
it has now been merged into a subsystem tree or
into Linus's tree, or because it was folded into
its parent patch in the -mm tree.
------------------------------------------------------
Subject: fix unlikely memory leak in DAC960 driver
From: Jesper Juhl <jesper.juhl@xxxxxxxxx>
The Coverity checker found a memory leak (bug nr. 1245) in
drivers/block/DAC960.c::DAC960_V2_ProcessCompletedCommand()
The leak is pretty unlikely since it requires that the first of two
successive kmalloc() calls fail while the second one succeeds. But it can
still happen even if it's unlikely.
If the first call that allocates 'PhysicalDeviceInfo' fails but the one
that allocates 'InquiryUnitSerialNumber' succeeds, then we will leak the
memory allocated to 'InquiryUnitSerialNumber' when the variable goes out of
scope.
A simple fix for this is to change the existing code that frees
'PhysicalDeviceInfo' if that one was allocated but
'InquiryUnitSerialNumber' was not, into a check for either pointer being
NULL and if so just free both. This is safe since kfree() can deal with
being passed a NULL pointer and it avoids the leak.
While I was there I also removed the casts of the kmalloc() return value
since it's pointless. I also updated the driver version since this patch
changes the workings of the code (however slightly).
This issue could probably be fixed a lot more elegantly, but the code is a
big mess IMHO and I just took the least intrusive route to a fix that I
could find instead of starting on a cleanup as well (that can come later).
Signed-off-by: Jesper Juhl <jesper.juhl@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
drivers/block/DAC960.c | 13 +++++++------
1 files changed, 7 insertions(+), 6 deletions(-)
diff -puN drivers/block/DAC960.c~fix-unlikely-memory-leak-in-dac960-driver drivers/block/DAC960.c
--- devel/drivers/block/DAC960.c~fix-unlikely-memory-leak-in-dac960-driver 2006-05-14 02:40:07.000000000 -0700
+++ devel-akpm/drivers/block/DAC960.c 2006-05-14 02:40:07.000000000 -0700
@@ -17,8 +17,8 @@
*/
-#define DAC960_DriverVersion "2.5.47"
-#define DAC960_DriverDate "14 November 2002"
+#define DAC960_DriverVersion "2.5.48"
+#define DAC960_DriverDate "14 May 2006"
#include <linux/module.h>
@@ -4780,15 +4780,16 @@ static void DAC960_V2_ProcessCompletedCo
(NewPhysicalDeviceInfo->LogicalUnit !=
PhysicalDeviceInfo->LogicalUnit))
{
- PhysicalDeviceInfo = (DAC960_V2_PhysicalDeviceInfo_T *)
+ PhysicalDeviceInfo =
kmalloc(sizeof(DAC960_V2_PhysicalDeviceInfo_T), GFP_ATOMIC);
InquiryUnitSerialNumber =
- (DAC960_SCSI_Inquiry_UnitSerialNumber_T *)
kmalloc(sizeof(DAC960_SCSI_Inquiry_UnitSerialNumber_T),
GFP_ATOMIC);
- if (InquiryUnitSerialNumber == NULL &&
- PhysicalDeviceInfo != NULL)
+ if (InquiryUnitSerialNumber == NULL ||
+ PhysicalDeviceInfo == NULL)
{
+ kfree(InquiryUnitSerialNumber);
+ InquiryUnitSerialNumber = NULL;
kfree(PhysicalDeviceInfo);
PhysicalDeviceInfo = NULL;
}
_
Patches currently in -mm which might be from jesper.juhl@xxxxxxxxx are
origin.patch
git-infiniband.patch
fix-mem-leak-in-sidewinder-driver.patch
git-mtd.patch
small-whitespace-cleanup-for-qlogic-driver.patch
add-scsi_add_host-failure-handling-for-nsp32.patch
xtensa-remove-verify_area-macros.patch
oss-cs46xx-cleanup-and-tiny-bugfix.patch
i4l-memory-leak-fix-for-sc_ioctl.patch
isdn-unsafe-interaction-between-isdn_write-and-isdn_writebuf_stub.patch
isdn-unsafe-interaction-between-isdn_write-and-isdn_writebuf_stub-fix.patch
binfmt_elf-codingstyle-cleanup-and-remove-some-pointless-casts.patch
binfnt_elf-remove-more-casts.patch
ensure-null-deref-cant-possibly-happen-in-is_exported.patch
bluetooth-fix-potential-null-ptr-deref-in-dtl1_cscdtl1_hci_send_frame.patch
pnp-card_probe-fix-memory-leak.patch
moxa-remove-pointless-casts.patch
moxa-remove-pointless-check-of-tty-argument-vs-null.patch
moxa-partial-codingstyle-cleanup-spelling-fixes.patch
debug-shared-irqs.patch
remove-redundant-null-checks-before-free-in-fs.patch
remove-redundant-null-checks-before-free-in-kernel.patch
remove-redundant-null-checks-before-free-in-drivers.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
