diff options
author | Sven Schnelle <svens@bitebene.org> | 2008-03-11 00:50:04 +0300 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2008-03-15 04:31:18 +0300 |
commit | 1b96f8955aaeeb05f7fb7ff548aa12415fbf3904 (patch) | |
tree | 2106548e1e383f1d8b9e4ade34a232a0469253d0 /drivers/scsi/gdth.c | |
parent | 4d3995b14ba7abcdd475d17b8751db55d8a95b9e (diff) | |
download | linux-1b96f8955aaeeb05f7fb7ff548aa12415fbf3904.tar.xz |
[SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference
Fix NULL pointer dereference during execution of Internal commands,
where gdth only allocates scp, but not scp->sense_buffer. The rest of
the code assumes that sense_buffer is allocated, which leads to a kernel
oops e.g. on reboot (during cache flush).
Signed-off-by: Sven Schnelle <svens@stackframe.org>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Diffstat (limited to 'drivers/scsi/gdth.c')
-rw-r--r-- | drivers/scsi/gdth.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c index 27ebd336409b..0b2080d33575 100644 --- a/drivers/scsi/gdth.c +++ b/drivers/scsi/gdth.c @@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, if (!scp) return -ENOMEM; + scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL); + if (!scp->sense_buffer) { + kfree(scp); + return -ENOMEM; + } + scp->device = sdev; memset(&cmndinfo, 0, sizeof(cmndinfo)); @@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, rval = cmndinfo.status; if (info) *info = cmndinfo.info; + kfree(scp->sense_buffer); kfree(scp); return rval; } |