Commit 1b96f895 authored by Sven Schnelle's avatar Sven Schnelle Committed by James Bottomley

[SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference

Fix NULL pointer dereference during execution of Internal commands,
where gdth only allocates scp, but not scp->sense_buffer. The rest of
the code assumes that sense_buffer is allocated, which leads to a kernel
oops e.g. on reboot (during cache flush).
Signed-off-by: default avatarSven Schnelle <svens@stackframe.org>
Signed-off-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
parent 4d3995b1
...@@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, ...@@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
if (!scp) if (!scp)
return -ENOMEM; return -ENOMEM;
scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL);
if (!scp->sense_buffer) {
kfree(scp);
return -ENOMEM;
}
scp->device = sdev; scp->device = sdev;
memset(&cmndinfo, 0, sizeof(cmndinfo)); memset(&cmndinfo, 0, sizeof(cmndinfo));
...@@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, ...@@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
rval = cmndinfo.status; rval = cmndinfo.status;
if (info) if (info)
*info = cmndinfo.info; *info = cmndinfo.info;
kfree(scp->sense_buffer);
kfree(scp); kfree(scp);
return rval; return rval;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment