aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorSven Schnelle <svens@bitebene.org>2008-03-10 22:50:04 +0100
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2008-03-14 20:31:18 -0500
commit1b96f8955aaeeb05f7fb7ff548aa12415fbf3904 (patch)
tree2106548e1e383f1d8b9e4ade34a232a0469253d0 /drivers
parent4d3995b14ba7abcdd475d17b8751db55d8a95b9e (diff)
downloadkernel_samsung_smdk4412-1b96f8955aaeeb05f7fb7ff548aa12415fbf3904.tar.gz
kernel_samsung_smdk4412-1b96f8955aaeeb05f7fb7ff548aa12415fbf3904.tar.bz2
kernel_samsung_smdk4412-1b96f8955aaeeb05f7fb7ff548aa12415fbf3904.zip
[SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference
Fix NULL pointer dereference during execution of Internal commands, where gdth only allocates scp, but not scp->sense_buffer. The rest of the code assumes that sense_buffer is allocated, which leads to a kernel oops e.g. on reboot (during cache flush). Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/scsi/gdth.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
index 27ebd336409..0b2080d3357 100644
--- a/drivers/scsi/gdth.c
+++ b/drivers/scsi/gdth.c
@@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
if (!scp)
return -ENOMEM;
+ scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL);
+ if (!scp->sense_buffer) {
+ kfree(scp);
+ return -ENOMEM;
+ }
+
scp->device = sdev;
memset(&cmndinfo, 0, sizeof(cmndinfo));
@@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
rval = cmndinfo.status;
if (info)
*info = cmndinfo.info;
+ kfree(scp->sense_buffer);
kfree(scp);
return rval;
}