aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSven Schnelle <svens@bitebene.org>2008-03-10 17:50:04 -0400
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2008-03-14 21:31:18 -0400
commit1b96f8955aaeeb05f7fb7ff548aa12415fbf3904 (patch)
tree2106548e1e383f1d8b9e4ade34a232a0469253d0
parent4d3995b14ba7abcdd475d17b8751db55d8a95b9e (diff)
[SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference
Fix NULL pointer dereference during execution of Internal commands, where gdth only allocates scp, but not scp->sense_buffer. The rest of the code assumes that sense_buffer is allocated, which leads to a kernel oops e.g. on reboot (during cache flush). Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--drivers/scsi/gdth.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
index 27ebd336409b..0b2080d33575 100644
--- a/drivers/scsi/gdth.c
+++ b/drivers/scsi/gdth.c
@@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
493 if (!scp) 493 if (!scp)
494 return -ENOMEM; 494 return -ENOMEM;
495 495
496 scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL);
497 if (!scp->sense_buffer) {
498 kfree(scp);
499 return -ENOMEM;
500 }
501
496 scp->device = sdev; 502 scp->device = sdev;
497 memset(&cmndinfo, 0, sizeof(cmndinfo)); 503 memset(&cmndinfo, 0, sizeof(cmndinfo));
498 504
@@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
513 rval = cmndinfo.status; 519 rval = cmndinfo.status;
514 if (info) 520 if (info)
515 *info = cmndinfo.info; 521 *info = cmndinfo.info;
522 kfree(scp->sense_buffer);
516 kfree(scp); 523 kfree(scp);
517 return rval; 524 return rval;
518} 525}