[SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference
Fix NULL pointer dereference during execution of Internal commands, where gdth only allocates scp, but not scp->sense_buffer. The rest of the code assumes that sense_buffer is allocated, which leads to a kernel oops e.g. on reboot (during cache flush). Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This commit is contained in:
parent
4d3995b14b
commit
1b96f8955a
@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
|
||||
if (!scp)
|
||||
return -ENOMEM;
|
||||
|
||||
scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL);
|
||||
if (!scp->sense_buffer) {
|
||||
kfree(scp);
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
scp->device = sdev;
|
||||
memset(&cmndinfo, 0, sizeof(cmndinfo));
|
||||
|
||||
@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
|
||||
rval = cmndinfo.status;
|
||||
if (info)
|
||||
*info = cmndinfo.info;
|
||||
kfree(scp->sense_buffer);
|
||||
kfree(scp);
|
||||
return rval;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user