aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Blunck <j.blunck@tu-harburg.de>2005-08-27 14:07:52 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2005-08-27 14:22:27 -0400
commit729d70f5dfd663b44bca68a4479c96bde7e535d6 (patch)
treef92ee98a709264984ef6e3e8d6c3ee4f3462797f
parent8126fdbc76351bdf99c6737ef4fecf88a22fa538 (diff)
[PATCH] sg.c: fix a memory leak in devices seq_file implementation
I know that scsi procfs is legacy code but this is a fix for a memory leak. While reading through sg.c I realized that the implementation of /proc/scsi/sg/devices with seq_file is leaking memory due to freeing the pointer returned by the next() iterator method. Since next() might return NULL or an error this is wrong. This patch fixes it through using the seq_files private field for holding the reference to the iterator object. Here is a small bash script to trigger the leak. Use slabtop to watch the size-32 usage grow and grow. #!/bin/sh while true; do cat /proc/scsi/sg/devices > /dev/null done Signed-off-by: Jan Blunck <j.blunck@tu-harburg.de> Acked-by: James Bottomley <James.Bottomley@steeleye.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--drivers/scsi/sg.c13
1 files changed, 6 insertions, 7 deletions
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index 51292f269ce5..e822ca0e97cf 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -2971,23 +2971,22 @@ static void * dev_seq_start(struct seq_file *s, loff_t *pos)
2971{ 2971{
2972 struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL); 2972 struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL);
2973 2973
2974 s->private = it;
2974 if (! it) 2975 if (! it)
2975 return NULL; 2976 return NULL;
2977
2976 if (NULL == sg_dev_arr) 2978 if (NULL == sg_dev_arr)
2977 goto err1; 2979 return NULL;
2978 it->index = *pos; 2980 it->index = *pos;
2979 it->max = sg_last_dev(); 2981 it->max = sg_last_dev();
2980 if (it->index >= it->max) 2982 if (it->index >= it->max)
2981 goto err1; 2983 return NULL;
2982 return it; 2984 return it;
2983err1:
2984 kfree(it);
2985 return NULL;
2986} 2985}
2987 2986
2988static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos) 2987static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos)
2989{ 2988{
2990 struct sg_proc_deviter * it = (struct sg_proc_deviter *) v; 2989 struct sg_proc_deviter * it = s->private;
2991 2990
2992 *pos = ++it->index; 2991 *pos = ++it->index;
2993 return (it->index < it->max) ? it : NULL; 2992 return (it->index < it->max) ? it : NULL;
@@ -2995,7 +2994,7 @@ static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos)
2995 2994
2996static void dev_seq_stop(struct seq_file *s, void *v) 2995static void dev_seq_stop(struct seq_file *s, void *v)
2997{ 2996{
2998 kfree (v); 2997 kfree(s->private);
2999} 2998}
3000 2999
3001static int sg_proc_open_dev(struct inode *inode, struct file *file) 3000static int sg_proc_open_dev(struct inode *inode, struct file *file)