author | Sven Schnelle <svens@bitebene.org> | 2008-03-10 17:50:04 -0400 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2008-03-14 21:31:18 -0400 |
commit | 1b96f8955aaeeb05f7fb7ff548aa12415fbf3904 (patch) | |
tree | 2106548e1e383f1d8b9e4ade34a232a0469253d0 | |
parent | 4d3995b14ba7abcdd475d17b8751db55d8a95b9e (diff) |
[SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference
Fix NULL pointer dereference during execution of Internal commands,
where gdth only allocates scp, but not scp->sense_buffer. The rest of
the code assumes that sense_buffer is allocated, which leads to a kernel
oops e.g. on reboot (during cache flush).
Signed-off-by: Sven Schnelle <svens@stackframe.org>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | drivers/scsi/gdth.c | 7 |
1 files changed, 7 insertions, 0 deletions
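--- a/drivers/scsi/gdth.c
+++ b/drivers/scsi/gdth.c
@@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
 if (!scp)
 return -ENOMEM;
 
+scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL);
+if (!scp->sense_buffer) {
+kfree(scp);
+return -ENOMEM;
+}
+
 scp->device = sdev;
 memset(&cmndinfo, 0, sizeof(cmndinfo));
 
@@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
 rval = cmndinfo.status;
 if (info)
 *info = cmndinfo.info;
+kfree(scp->sense_buffer);
 kfree(scp);
 return rval;
 }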
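Review bot: The new `scp->sense_buffer` allocation in the first hunk carries no comment saying why an internal command needs its own sense buffer, or that `__gdth_execute` owns it and must free it before `scp`; that unstated invariant is what the commit message describes as the cause of the oops. I would add above the `kzalloc` something like `/* internal commands are built by hand here, so sense_buffer must be allocated too; freed before scp at the end of this function */`. The lines between the two hunks are not shown, so it is worth confirming that no return path there skips the `kfree(scp->sense_buffer)` added in the second hunk. If such a path exists or is added later, a shared cleanup label would keep the two frees together. The function body begins before the first hunk.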