From patchwork Mon Jun 4 08:04:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Damien Le Moal X-Patchwork-Id: 10446081 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 46F7260284 for ; Mon, 4 Jun 2018 08:04:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 39C8B28B38 for ; Mon, 4 Jun 2018 08:04:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2C08B28B40; Mon, 4 Jun 2018 08:04:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C106428B38 for ; Mon, 4 Jun 2018 08:04:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751835AbeFDIEU (ORCPT ); Mon, 4 Jun 2018 04:04:20 -0400 Received: from esa6.hgst.iphmx.com ([216.71.154.45]:31194 "EHLO esa6.hgst.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751649AbeFDIET (ORCPT ); Mon, 4 Jun 2018 04:04:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=wdc.com; i=@wdc.com; q=dns/txt; s=dkim.wdc.com; t=1528099459; x=1559635459; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=21yrsAqcoHiXZS82yngFlgciY8REN0M8zvt6tBEQArQ=; b=kZZftkQHHW+8/9u/vgcZXMhM1AFoEoZgT8cmKPNSbT1Lu+qE/aaTEGqu P6A4mQtK133Z1jUhw3wrlWWAEbwsRvHtueAC5elb8/jT/lC52p5ri0D4U Kdfbc5mZs2CLC00Qx6FyxJqv/LsDl3yFUV69OLu3B6u/ZmcorhSIkoseG PqKWk6D7VH12tBDXMWg4xaq/gFcMLdKU4mElmTMaKAuquD2Pvz+5xUiLL KOnxOS+tr1LNT2fUd9JoHn4v/jKyT1n4NlGIElW5mrV9olq7uyA35w9BM enVHI7Abs1db0Iz4gCBFIJUKQXFBNasJ2fYJns3J776jwlrUTmaBu6PpL g==; X-IronPort-AV: E=Sophos;i="5.49,476,1520870400"; d="scan'208";a="80565709" Received: from uls-op-cesaip01.wdc.com (HELO uls-op-cesaep01.wdc.com) ([199.255.45.14]) by ob1.hgst.iphmx.com with ESMTP; 04 Jun 2018 16:04:19 +0800 Received: from uls-op-cesaip02.wdc.com ([10.248.3.37]) by uls-op-cesaep01.wdc.com with ESMTP; 04 Jun 2018 00:54:52 -0700 Received: from washi.fujisawa.hgst.com ([10.149.53.254]) by uls-op-cesaip02.wdc.com with ESMTP; 04 Jun 2018 01:04:18 -0700 From: Damien Le Moal To: linux-scsi@vger.kernel.org, "Martin K . Petersen" Cc: stable@vger.kernel.org, Greg Kroah-Hartman , Bart Van Assche , Hannes Reinecke Subject: [PATCH v2 1/2] scsi: sd_zbc: Fix potential memory leak Date: Mon, 4 Jun 2018 17:04:12 +0900 Message-Id: <20180604080413.30747-2-damien.lemoal@wdc.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180604080413.30747-1-damien.lemoal@wdc.com> References: <20180604080413.30747-1-damien.lemoal@wdc.com> Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP [Backport of upstream commit 4b433924b2755a94f99258c178684a0e05c344de] Rework sd_zbc_check_zone_size() to avoid a memory leak due to an early return if sd_zbc_report_zones() fails. Signed-off-by: Damien Le Moal Cc: stable@vger.kernel.org # 4.14 --- drivers/scsi/sd_zbc.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/drivers/scsi/sd_zbc.c b/drivers/scsi/sd_zbc.c index 2eb61d54bbb4..bc3cb81a9c7d 100644 --- a/drivers/scsi/sd_zbc.c +++ b/drivers/scsi/sd_zbc.c @@ -425,7 +425,7 @@ static int sd_zbc_check_capacity(struct scsi_disk *sdkp, static int sd_zbc_check_zone_size(struct scsi_disk *sdkp) { - u64 zone_blocks; + u64 zone_blocks = 0; sector_t block = 0; unsigned char *buf; unsigned char *rec; @@ -443,10 +443,8 @@ static int sd_zbc_check_zone_size(struct scsi_disk *sdkp) /* Do a report zone to get the same field */ ret = sd_zbc_report_zones(sdkp, buf, SD_ZBC_BUF_SIZE, 0); - if (ret) { - zone_blocks = 0; - goto out; - } + if (ret) + goto out_free; same = buf[4] & 0x0f; if (same > 0) { @@ -489,7 +487,7 @@ static int sd_zbc_check_zone_size(struct scsi_disk *sdkp) ret = sd_zbc_report_zones(sdkp, buf, SD_ZBC_BUF_SIZE, block); if (ret) - return ret; + goto out_free; } } while (block < sdkp->capacity); @@ -497,34 +495,32 @@ static int sd_zbc_check_zone_size(struct scsi_disk *sdkp) zone_blocks = sdkp->zone_blocks; out: - kfree(buf); - if (!zone_blocks) { if (sdkp->first_scan) sd_printk(KERN_NOTICE, sdkp, "Devices with non constant zone " "size are not supported\n"); - return -ENODEV; - } - - if (!is_power_of_2(zone_blocks)) { + ret = -ENODEV; + } else if (!is_power_of_2(zone_blocks)) { if (sdkp->first_scan) sd_printk(KERN_NOTICE, sdkp, "Devices with non power of 2 zone " "size are not supported\n"); - return -ENODEV; - } - - if (logical_to_sectors(sdkp->device, zone_blocks) > UINT_MAX) { + ret = -ENODEV; + } else if (logical_to_sectors(sdkp->device, zone_blocks) > UINT_MAX) { if (sdkp->first_scan) sd_printk(KERN_NOTICE, sdkp, "Zone size too large\n"); - return -ENODEV; + ret = -ENODEV; + } else { + sdkp->zone_blocks = zone_blocks; + sdkp->zone_shift = ilog2(zone_blocks); } - sdkp->zone_blocks = zone_blocks; +out_free: + kfree(buf); - return 0; + return ret; } static int sd_zbc_setup(struct scsi_disk *sdkp)