Message ID | 20240903185410.21144-1-riyandhiman14@gmail.com |
---|---|
State | New |
Series | scsi: aacraid: Fix memory leak in open_getadapter_fib function |
On 9/3/24 11:54 AM, Riyan Dhiman wrote:
> In the open_getadapter_fib() function, memory allocated for the fibctx structure
> was not freed when copy_to_user() failed. This can lead to memory leaks as the
> allocated memory remains unreferenced and cannot be reclaimed.
>
> This patch ensures that the allocated memory for fibctx is properly
> freed if copy_to_user() fails, thereby preventing potential memory leaks.

What made you analyze the code modified by this patch? How has this patch been tested?

> Changes:
> - Added kfree(fibctx); to release memory when copy_to_user() fails.

Changes compared to what? I don't see a version number in the email subject.

> @@ -220,6 +220,7 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) > if (copy_to_user(arg, &fibctx->unique, > sizeof(fibctx->unique))) { > status = -EFAULT; > + kfree(fibctx); > } else { > status = 0; > }

Just above the copy_to_user() call there is the following statement:

    list_add_tail(&fibctx->next, &dev->fib_list);

Does that mean that the above kfree() will cause list corruption?

Bart.

diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index e7cc927ed952..80838c84b444 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -220,6 +220,7 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) if (copy_to_user(arg, &fibctx->unique, sizeof(fibctx->unique))) { status = -EFAULT; + kfree(fibctx); } else { status = 0; }
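
Review bot: the kfree(fibctx) added in the -EFAULT branch frees a context that, as the reply above points out, has already been linked into dev->fib_list by list_add_tail(&fibctx->next, &dev->fib_list) just before the copy_to_user() call, so the list is left holding a pointer to freed memory and any later walk of fib_list becomes a use-after-free. Suggest unlinking the entry with list_del(&fibctx->next) before freeing it (with whatever locking the list_add_tail() runs under), or doing the copy_to_user() before the context is published on the list. The commit message also needs correcting: the memory is not "unreferenced" while it still sits on fib_list, and the message does not say how the change was tested.
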
In the open_getadapter_fib() function, memory allocated for the fibctx structure was not freed when copy_to_user() failed. This can lead to memory leaks as the allocated memory remains unreferenced and cannot be reclaimed.

This patch ensures that the allocated memory for fibctx is properly freed if copy_to_user() fails, thereby preventing potential memory leaks.

Changes:
- Added kfree(fibctx); to release memory when copy_to_user() fails.

Signed-off-by: Riyan Dhiman <riyandhiman14@gmail.com>
---
 drivers/scsi/aacraid/commctrl.c | 1 +
 1 file changed, 1 insertion(+)