scsi: aacraid: Fix memory leak in open_getadapter_fib function

Message ID 20240903185410.21144-1-riyandhiman14@gmail.com
State New
Series scsi: aacraid: Fix memory leak in open_getadapter_fib function

Commit Message

Riyan Dhiman Sept. 3, 2024, 6:54 p.m. UTC
In the open_getadapter_fib() function, memory allocated for the fibctx structure
was not freed when copy_to_user() failed. This can lead to memory leaks as the 
allocated memory remains unreferenced and cannot be reclaimed.

This patch ensures that the allocated memory for fibctx is properly
freed if copy_to_user() fails, thereby preventing potential memory leaks.

Changes:
- Added kfree(fibctx); to release memory when copy_to_user() fails.

Signed-off-by: Riyan Dhiman <riyandhiman14@gmail.com>
---
 drivers/scsi/aacraid/commctrl.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Bart Van Assche Sept. 3, 2024, 7:18 p.m. UTC | #1
On 9/3/24 11:54 AM, Riyan Dhiman wrote:
> In the open_getadapter_fib() function, memory allocated for the fibctx structure
> was not freed when copy_to_user() failed. This can lead to memory leaks as the
> allocated memory remains unreferenced and cannot be reclaimed.
> 
> This patch ensures that the allocated memory for fibctx is properly
> freed if copy_to_user() fails, thereby preventing potential memory leaks.

What made you analyze the code modified by this patch?

How has this patch been tested?

> Changes:
> - Added kfree(fibctx); to release memory when copy_to_user() fails.

Changes compared to what? I don't see a version number in the email
subject.

> @@ -220,6 +220,7 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg)
>   		if (copy_to_user(arg, &fibctx->unique,
>   						sizeof(fibctx->unique))) {
>   			status = -EFAULT;
> +			kfree(fibctx);
>   		} else {
>   			status = 0;
>   		}
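
Review bot: the added kfree(fibctx) in the -EFAULT branch frees the object without unlinking it or taking any lock in the visible lines. If fibctx has already been published on a shared list by this point, the free leaves a dangling entry that a later list walk will dereference. Pair the free with a list_del() under the lock that guards that list, or show from the surrounding code that fibctx is still private here.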

Just above the copy_to_user() call there is the following statement:

	list_add_tail(&fibctx->next, &dev->fib_list);

Does that mean that the above kfree() will cause list corruption?

Bart.

Patch

diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
index e7cc927ed952..80838c84b444 100644
--- a/drivers/scsi/aacraid/commctrl.c
+++ b/drivers/scsi/aacraid/commctrl.c
@@ -220,6 +220,7 @@  static int open_getadapter_fib(struct aac_dev * dev, void __user *arg)
 		if (copy_to_user(arg, &fibctx->unique,
 						sizeof(fibctx->unique))) {
 			status = -EFAULT;
+			kfree(fibctx);
 		} else {
 			status = 0;
 		}
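
Review bot: the commit message's claim that the memory "remains unreferenced" is not supported by this hunk, and the reply above quotes list_add_tail(&fibctx->next, &dev->fib_list) immediately before the copy_to_user() call, so the new kfree(fibctx) in the -EFAULT branch would turn a leak into a use-after-free on dev->fib_list. Either move the copy_to_user() ahead of the list insertion so a failure frees a still-private object, or unlink with list_del(&fibctx->next) under the list's lock before freeing, and say in the commit message how the error path was tested.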