git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 35e1a5d)
[SCSI] Fix protection scsi_data_buffer leak
authorMartin K. Petersen <martin.petersen@oracle.com>
Fri, 18 Sep 2009 21:33:01 +0000 (17:33 -0400)
committerJames Bottomley <James.Bottomley@suse.de>
Fri, 2 Oct 2009 14:46:52 +0000 (09:46 -0500)
We would leak a scsi_data_buffer if the free_list command was of the
protected variety.

Reported-by: Boaz Harrosh <bharrosh@panasas.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Stable Tree <stable@kernel.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
drivers/scsi/scsi.c patch | blob | history

diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
index b6e0307..dd098ca 100644 (file)
--- a/drivers/scsi/scsi.c
+++ b/drivers/scsi/scsi.c
@@ -241,10 +241,7 @@ scsi_host_alloc_command(struct Scsi_Host *shost, gfp_t gfp_mask)
  */
 struct scsi_cmnd *__scsi_get_command(struct Scsi_Host *shost, gfp_t gfp_mask)
 {
-       struct scsi_cmnd *cmd;
-       unsigned char *buf;
-
-       cmd = scsi_host_alloc_command(shost, gfp_mask);
+       struct scsi_cmnd *cmd = scsi_host_alloc_command(shost, gfp_mask);
 
        if (unlikely(!cmd)) {
                unsigned long flags;
@@ -258,9 +255,15 @@ struct scsi_cmnd *__scsi_get_command(struct Scsi_Host *shost, gfp_t gfp_mask)
                spin_unlock_irqrestore(&shost->free_list_lock, flags);
 
                if (cmd) {
+                       void *buf, *prot;
+
                        buf = cmd->sense_buffer;
+                       prot = cmd->prot_sdb;
+
                        memset(cmd, 0, sizeof(*cmd));
+
                        cmd->sense_buffer = buf;
+                       cmd->prot_sdb = prot;
                }
        }
 
Pandora Kernel Repository