- gdth-allocate-sense_buffer-to-prevent-null-pointer-dereference.patch removed from -mm tree

akpm@xxxxxxxxxxxxxxxxxxxx · Mon, 17 Mar 2008 14:00:43 -0700

The patch titled
     gdth: allocate sense_buffer to prevent NULL pointer dereference
has been removed from the -mm tree.  Its filename was
     gdth-allocate-sense_buffer-to-prevent-null-pointer-dereference.patch

This patch was dropped because it was merged into mainline or a subsystem tree

The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/

------------------------------------------------------
Subject: gdth: allocate sense_buffer to prevent NULL pointer dereference
From: Sven Schnelle <svens@xxxxxxxxxxxxxx>

This fixes a NULL pointer dereference during execution of Internal commands,
where gdth only allocates scp, but not scp->sense_buffer.  The rest of the
code assumes that sense_buffer is allocated, which leads to a kernel oops e.g.
 on reboot (during cache flush).

So we have two choices here:

a) Allocate the sense_buffer
b) surrounding all accesses to sense_buffer with some if (!internal_command)

I'm using solution a, as this keeps code simpler.

Signed-off-by: Sven Schnelle <svens@xxxxxxxxxxxxxx>
Cc: Boaz Harrosh <bharrosh@xxxxxxxxxxx>
Cc: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 drivers/scsi/gdth.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff -puN drivers/scsi/gdth.c~gdth-allocate-sense_buffer-to-prevent-null-pointer-dereference drivers/scsi/gdth.c

--- a/drivers/scsi/gdth.c~gdth-allocate-sense_buffer-to-prevent-null-pointer-dereference
+++ a/drivers/scsi/gdth.c
@@ -452,6 +452,12 @@ int __gdth_execute(struct scsi_device *s
     if (!scp)
         return -ENOMEM;
 
+    scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL);
+    if (!scp->sense_buffer) {
+	kfree(scp);
+	return -ENOMEM;
+    }
+
     scp->device = sdev;
     memset(&cmndinfo, 0, sizeof(cmndinfo));
 
@@ -472,6 +478,7 @@ int __gdth_execute(struct scsi_device *s
     rval = cmndinfo.status;
     if (info)
         *info = cmndinfo.info;
+    kfree(scp->sense_buffer);
     kfree(scp);
     return rval;
 }
_

Patches currently in -mm which might be from svens@xxxxxxxxxxxxxx are

git-scsi-rc-fixes.patch

--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




