| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Aug 2016 11:56:44 +0200
From: SF Markus Elfring <elfring@...rs.sourceforge.net>
To: esc.storagedev@...rosemi.com, iss_storagedev@...com,
linux-scsi@...r.kernel.org, Don Brace <don.brace@...rosemi.com>
Cc: LKML <linux-kernel@...r.kernel.org>,
kernel-janitors@...r.kernel.org,
Julia Lawall <julia.lawall@...6.fr>
Subject: [PATCH 2/5] block-cciss: Less function calls in cciss_bigpassthru()
after error detection
From: Markus Elfring <elfring@...rs.sourceforge.net>
Date: Wed, 17 Aug 2016 22:39:31 +0200
The kfree() function was called in a few cases by the
cciss_bigpassthru() function during error handling
even if a passed variable contained a null pointer.
Adjust jump targets according to the Linux coding style convention.
Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net>
---
drivers/block/cciss.c | 40 ++++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
index e044342..43ac632 100644
--- a/drivers/block/cciss.c
+++ b/drivers/block/cciss.c
@@ -1593,26 +1593,26 @@ static int cciss_bigpassthru(ctlr_info_t *h, void __user *argp)
if ((ioc->buf_size < 1) &&
(ioc->Request.Type.Direction != XFER_NONE)) {
status = -EINVAL;
- goto cleanup1;
+ goto free_ioc;
}
/* Check kmalloc limits using all SGs */
if (ioc->malloc_size > MAX_KMALLOC_SIZE) {
status = -EINVAL;
- goto cleanup1;
+ goto free_ioc;
}
if (ioc->buf_size > ioc->malloc_size * MAXSGENTRIES) {
status = -EINVAL;
- goto cleanup1;
- }
- buff = kzalloc(MAXSGENTRIES * sizeof(char *), GFP_KERNEL);
- if (!buff) {
- status = -ENOMEM;
- goto cleanup1;
+ goto free_ioc;
}
buff_size = kmalloc(MAXSGENTRIES * sizeof(int), GFP_KERNEL);
if (!buff_size) {
status = -ENOMEM;
- goto cleanup1;
+ goto free_ioc;
+ }
+ buff = kzalloc(MAXSGENTRIES * sizeof(char *), GFP_KERNEL);
+ if (!buff) {
+ status = -ENOMEM;
+ goto free_size;
}
left = ioc->buf_size;
data_ptr = ioc->buf;
@@ -1622,12 +1622,12 @@ static int cciss_bigpassthru(ctlr_info_t *h, void __user *argp)
buff[sg_used] = kmalloc(sz, GFP_KERNEL);
if (buff[sg_used] == NULL) {
status = -ENOMEM;
- goto cleanup1;
+ goto free_buffer;
}
if (ioc->Request.Type.Direction == XFER_WRITE) {
if (copy_from_user(buff[sg_used], data_ptr, sz)) {
status = -EFAULT;
- goto cleanup1;
+ goto free_buffer;
}
} else {
memset(buff[sg_used], 0, sz);
@@ -1639,7 +1639,7 @@ static int cciss_bigpassthru(ctlr_info_t *h, void __user *argp)
c = cmd_special_alloc(h);
if (!c) {
status = -ENOMEM;
- goto cleanup1;
+ goto free_buffer;
}
c->cmd_type = CMD_IOCTL_PEND;
c->Header.ReplyQueue = 0;
@@ -1674,7 +1674,7 @@ static int cciss_bigpassthru(ctlr_info_t *h, void __user *argp)
if (copy_to_user(argp, ioc, sizeof(*ioc))) {
cmd_special_free(h, c);
status = -EFAULT;
- goto cleanup1;
+ goto free_buffer;
}
if (ioc->Request.Type.Direction == XFER_READ) {
/* Copy the data out of the buffer we created */
@@ -1683,20 +1683,20 @@ static int cciss_bigpassthru(ctlr_info_t *h, void __user *argp)
if (copy_to_user(ptr, buff[i], buff_size[i])) {
cmd_special_free(h, c);
status = -EFAULT;
- goto cleanup1;
+ goto free_buffer;
}
ptr += buff_size[i];
}
}
cmd_special_free(h, c);
status = 0;
-cleanup1:
- if (buff) {
- for (i = 0; i < sg_used; i++)
- kfree(buff[i]);
- kfree(buff);
- }
+free_buffer:
+ for (i = 0; i < sg_used; i++)
+ kfree(buff[i]);
+ kfree(buff);
+free_size:
kfree(buff_size);
+free_ioc:
kfree(ioc);
return status;
}
--
2.9.3
Powered by blists - more mailing lists