lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 08 Mar 2013 18:25:00 -0500
From:	Douglas Gilbert <dgilbert@...erlog.com>
To:	James Bottomley <James.Bottomley@...senPartnership.com>
CC:	Dan Carpenter <dan.carpenter@...cle.com>,
	linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
	kernel-janitors@...r.kernel.org
Subject: Re: [patch] [SCSI] scsi_transport_sas: check for allocation failure

On 13-03-08 05:50 PM, James Bottomley wrote:
> On Fri, 2013-03-08 at 12:57 -0500, Douglas Gilbert wrote:
>> On 13-03-08 07:02 AM, Dan Carpenter wrote:
>>> Static checkers complain that this allocation isn't checked.  We
>>> should return zero if the allocation fails.
>>>
>>> Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
>>>
>>> diff --git a/drivers/scsi/scsi_transport_sas.c b/drivers/scsi/scsi_transport_sas.c
>>> index 1b68142..a022997 100644
>>> --- a/drivers/scsi/scsi_transport_sas.c
>>> +++ b/drivers/scsi/scsi_transport_sas.c
>>> @@ -379,9 +379,12 @@ sas_tlr_supported(struct scsi_device *sdev)
>>>    {
>>>    	const int vpd_len = 32;
>>>    	struct sas_end_device *rdev = sas_sdev_to_rdev(sdev);
>>> -	char *buffer = kzalloc(vpd_len, GFP_KERNEL);
>>> +	char *buffer;
>>>    	int ret = 0;
>>>
>>> +	buffer = kzalloc(vpd_len, GFP_KERNEL);
>>> +	if (!buffer)
>>> +		goto out;
>>>    	if (scsi_get_vpd_page(sdev, 0x90, buffer, vpd_len))
>>>    		goto out;
>>>
>>
>> For 32 bytes, why not use the stack?
>
> Because the buffer is a DMA target.  You can't DMA to stack because of
> padding and cacheline issues.

And I went to the definition of scsi_get_vpd_page()
to see if that was called out in the header comments.
Guess what ... and those same header comments talked
about freeing a returned pointer. It needs to be
cleaned up, IMO.

Doug Gilbert

/**
  * scsi_get_vpd_page - Get Vital Product Data from a SCSI device
  * @sdev: The device to ask
  * @page: Which Vital Product Data to return
  * @buf: where to store the VPD
  * @buf_len: number of bytes in the VPD buffer area
  *
  * SCSI devices may optionally supply Vital Product Data.  Each 'page'
  * of VPD is defined in the appropriate SCSI document (eg SPC, SBC).
  * If the device supports this VPD page, this routine returns a pointer
  * to a buffer containing the data from that page.  The caller is
  * responsible for calling kfree() on this pointer when it is no longer
  * needed.  If we cannot retrieve the VPD page this routine returns %NULL.
  */
int scsi_get_vpd_page(struct scsi_device *sdev, u8 page, unsigned char *buf,
                       int buf_len)


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ