From: Sven Schnelle Date: Mon, 10 Mar 2008 21:50:04 +0000 (+0100) Subject: [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=1b96f8955aaeeb05f7fb7ff548aa12415fbf3904;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference Fix NULL pointer dereference during execution of Internal commands, where gdth only allocates scp, but not scp->sense_buffer. The rest of the code assumes that sense_buffer is allocated, which leads to a kernel oops e.g. on reboot (during cache flush). Signed-off-by: Sven Schnelle Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c index 27ebd336409b..0b2080d33575 100644 --- a/drivers/scsi/gdth.c +++ b/drivers/scsi/gdth.c @@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, if (!scp) return -ENOMEM; + scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL); + if (!scp->sense_buffer) { + kfree(scp); + return -ENOMEM; + } + scp->device = sdev; memset(&cmndinfo, 0, sizeof(cmndinfo)); @@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, rval = cmndinfo.status; if (info) *info = cmndinfo.info; + kfree(scp->sense_buffer); kfree(scp); return rval; }
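Review bot: In the first hunk (@@ -493,6 +493,12), the new kzalloc() of scp->sense_buffer hard-codes GFP_KERNEL, while the allocation of scp itself sits above the visible context; confirm that both use the same flag and that __gdth_execute() is only reached from a context that may sleep. The failure branch does free scp before returning -ENOMEM, so nothing leaks there. A short comment above the allocation saying that the rest of the driver dereferences scp->sense_buffer even for internal commands would be worth adding, because that reason currently lives only in the commit message.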
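Review bot: In the second hunk (@@ -513,6 +519,7), kfree(scp->sense_buffer) is added only on the final exit, just before kfree(scp); any return between the new allocation and this point would leak the buffer, and that stretch of the function is not in the visible context. Check that there is no such early return, or route the failure branch from the first hunk and this exit through a single label that frees sense_buffer and then scp. The order of the two kfree() calls is correct as written.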