projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 29753fc)
s390/dasd: fix memleak in path handling error case
authorStefan Haberland <sth@linux.ibm.com>
Thu, 19 Dec 2019 08:43:51 +0000 (09:43 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 12 Jan 2020 11:12:00 +0000 (12:12 +0100)
[ Upstream commit 00b39f698a4f1ee897227cace2e3937fc4412270 ]

If for whatever reason the dasd_eckd_check_characteristics() function
exits after at least some paths have their configuration data
allocated those data is never freed again. In the error case the
device->private pointer is set to NULL and dasd_eckd_uncheck_device()
will exit without freeing the path data because of this NULL pointer.

Fix by calling dasd_eckd_clear_conf_data() for error cases.

Also use dasd_eckd_clear_conf_data() in dasd_eckd_uncheck_device()
to avoid code duplication.

Reported-by: Qian Cai <cai@lca.pw>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/s390/block/dasd_eckd.c patch | blob | blame | history

diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c
index 81359312a98753c80a42c9a86c2b1dad5057c54a..aa651403546ff41e879b64e6fe66c4e78c075b5b 100644 (file)
--- a/drivers/s390/block/dasd_eckd.c
+++ b/drivers/s390/block/dasd_eckd.c
@@ -1768,7 +1768,7 @@ out_err2:
        dasd_free_block(device->block);
        device->block = NULL;
 out_err1:
-       kfree(private->conf_data);
+       dasd_eckd_clear_conf_data(device);
        kfree(device->private);
        device->private = NULL;
        return rc;
@@ -1777,7 +1777,6 @@ out_err1:
 static void dasd_eckd_uncheck_device(struct dasd_device *device)
 {
        struct dasd_eckd_private *private = device->private;
-       int i;
 
        if (!private)
                return;
@@ -1787,21 +1786,7 @@ static void dasd_eckd_uncheck_device(struct dasd_device *device)
        private->sneq = NULL;
        private->vdsneq = NULL;
        private->gneq = NULL;
-       private->conf_len = 0;
-       for (i = 0; i < 8; i++) {
-               kfree(device->path[i].conf_data);
-               if ((__u8 *)device->path[i].conf_data ==
-                   private->conf_data) {
-                       private->conf_data = NULL;
-                       private->conf_len = 0;
-               }
-               device->path[i].conf_data = NULL;
-               device->path[i].cssid = 0;
-               device->path[i].ssid = 0;
-               device->path[i].chpid = 0;
-       }
-       kfree(private->conf_data);
-       private->conf_data = NULL;
+       dasd_eckd_clear_conf_data(device);
 }
 
 static struct dasd_ccw_req *