From: Sven Schnelle Date: Mon, 10 Mar 2008 21:50:04 +0000 (+0100) Subject: [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference X-Git-Tag: v2.6.25-rc7~58^2~4 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=1b96f8955aaeeb05f7fb7ff548aa12415fbf3904;p=linux-2.6-omap-h63xx.git [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference Fix NULL pointer dereference during execution of Internal commands, where gdth only allocates scp, but not scp->sense_buffer. The rest of the code assumes that sense_buffer is allocated, which leads to a kernel oops e.g. on reboot (during cache flush). Signed-off-by: Sven Schnelle Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c index 27ebd336409..0b2080d3357 100644 --- a/drivers/scsi/gdth.c +++ b/drivers/scsi/gdth.c @@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, if (!scp) return -ENOMEM; + scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL); + if (!scp->sense_buffer) { + kfree(scp); + return -ENOMEM; + } + scp->device = sdev; memset(&cmndinfo, 0, sizeof(cmndinfo)); @@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, rval = cmndinfo.status; if (info) *info = cmndinfo.info; + kfree(scp->sense_buffer); kfree(scp); return rval; }