From 6ded575e90eb1a599bfeecd8b8d4f15b80394a51 Mon Sep 17 00:00:00 2001
From: Ben Hutchings
Date: Mon, 10 Dec 2012 00:14:48 +0000
Subject: [PATCH] megaraid_sas: fix memory leak if SGL has zero length entries (Closes: #688198)
svn path=/dists/sid/linux/; revision=19600
---
 debian/changelog | 2 +
 ...-leak-if-SGL-has-zero-length-entries.patch | 39 +++++++++++++++++++
 debian/patches/series | 1 +
 3 files changed, 42 insertions(+)
 create mode 100644 debian/patches/bugfix/all/megaraid_sas-fix-memory-leak-if-SGL-has-zero-length-entries.patch
diff --git a/debian/changelog b/debian/changelog
index a8ccadf7d..23b697169 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -124,6 +124,8 @@ linux (3.2.35-1) UNRELEASED; urgency=low
 - hrtimer: Raise softirq if hrtimer irq stalled
 - rcu: Disable RCU_FAST_NO_HZ on RT
 - net: netfilter: Serialize xt_write_recseq sections on RT
+ * megaraid_sas: fix memory leak if SGL has zero length entries
+ (Closes: #688198)
 
 [ Ian Campbell ]
 * [xen] add support for microcode updating. (Closes: #693053)
diff --git a/debian/patches/bugfix/all/megaraid_sas-fix-memory-leak-if-SGL-has-zero-length-entries.patch b/debian/patches/bugfix/all/megaraid_sas-fix-memory-leak-if-SGL-has-zero-length-entries.patch
new file mode 100644
index 000000000..5e6772a8f
--- /dev/null
+++ b/debian/patches/bugfix/all/megaraid_sas-fix-memory-leak-if-SGL-has-zero-length-entries.patch
@@ -0,0 +1,39 @@
+From: =?UTF-8?q?Bj=C3=B8rn=20Mork?=
+Date: Wed, 21 Nov 2012 09:54:48 +0100
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Subject: [PATCH] megaraid_sas: fix memory leak if SGL has zero length entries
+Content-Transfer-Encoding: 8bit
+
+commit 98cb7e44 ([SCSI] megaraid_sas: Sanity check user
+supplied length before passing it to dma_alloc_coherent())
+introduced a memory leak. Memory allocated for entries
+following zero length SGL entries will not be freed.
+
+Reference: http://bugs.debian.org/688198
+Cc:
+Signed-off-by: Bjørn Mork
+Acked-by: Adam Radford
+---
+ drivers/scsi/megaraid/megaraid_sas_base.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/drivers/scsi/megaraid/megaraid_sas_base.c
++++ b/drivers/scsi/megaraid/megaraid_sas_base.c
+@@ -4886,10 +4886,12 @@ megasas_mgmt_fw_ioctl(struct megasas_ins
+ sense, sense_handle);
+ }
+
+- for (i = 0; i < ioc->sge_count && kbuff_arr[i]; i++) {
+- dma_free_coherent(&instance->pdev->dev,
+- kern_sge32[i].length,
+- kbuff_arr[i], kern_sge32[i].phys_addr);
++ for (i = 0; i < ioc->sge_count; i++) {
++ if (kbuff_arr[i])
++ dma_free_coherent(&instance->pdev->dev,
++ kern_sge32[i].length,
++ kbuff_arr[i],
++ kern_sge32[i].phys_addr);
+ }
+
+ megasas_return_cmd(instance, cmd);
diff --git a/debian/patches/series b/debian/patches/series
index bf13511dd..f3fc0c3c1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -430,3 +430,4 @@ bugfix/all/kmod-introduce-call_modprobe-helper.patch
 bugfix/all/kmod-make-__request_module-killable.patch
 bugfix/all/exec-do-not-leave-bprm-interp-on-stack.patch
 bugfix/all/exec-use-ELOOP-for-max-recursion-depth.patch
+bugfix/all/megaraid_sas-fix-memory-leak-if-SGL-has-zero-length-entries.patch
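Review bot: The added free loop in the embedded megaraid_sas_base.c hunk now visits every slot up to `ioc->sge_count`, so it is only safe if each unallocated `kbuff_arr[i]` is NULL and `sge_count` cannot exceed the array size; neither the zeroing nor the bound is visible here, because megasas_mgmt_fw_ioctl starts and ends outside the hunk. Since the commit message describes the SGL lengths as user supplied, that invariant is worth stating at the loop, e.g. `/* zero-length SGL entries leave NULL holes in kbuff_arr; scan all sge_count slots */`. It is also worth confirming that `kern_sge32[i].length` and `kern_sge32[i].phys_addr` still hold the values used at allocation, as they are the size and handle given to `dma_free_coherent()`.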