ACK: [artful/linux trusty/linux 1/1] scsi: libsas: fix memory leak in sas_smp_get_phy_events()
Stefan Bader
stefan.bader at canonical.com
Mon Jun 4 22:06:19 UTC 2018
On 24.05.2018 03:56, Andy Whitcroft wrote:
> From: Jason Yan <yanaijie at huawei.com>
>
> We've got a memory leak with the following producer:
>
> while true;
> do cat /sys/class/sas_phy/phy-1:0:12/invalid_dword_count >/dev/null;
> done
>
> The buffer req is allocated and not freed after we return. Fix it.
>
> Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver")
> Signed-off-by: Jason Yan <yanaijie at huawei.com>
> CC: John Garry <john.garry at huawei.com>
> CC: chenqilin <chenqilin2 at huawei.com>
> CC: chenxiang <chenxiang66 at hisilicon.com>
> Reviewed-by: Christoph Hellwig <hch at lst.de>
> Reviewed-by: Hannes Reinecke <hare at suse.com>
> Signed-off-by: Martin K. Petersen <martin.petersen at oracle.com>
>
> (cherry picked from commit 4a491b1ab11ca0556d2fda1ff1301e862a2d44c4)
> CVE-2018-7757
> Signed-off-by: Andy Whitcroft <apw at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
> drivers/scsi/libsas/sas_expander.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
> index 570b2cb2da43..1ecbea8db010 100644
> --- a/drivers/scsi/libsas/sas_expander.c
> +++ b/drivers/scsi/libsas/sas_expander.c
> @@ -684,6 +684,7 @@ int sas_smp_get_phy_events(struct sas_phy *phy)
> phy->phy_reset_problem_count = scsi_to_u32(&resp[24]);
>
> out:
> + kfree(req);
> kfree(resp);
> return res;
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180604/a2e95dcb/attachment.sig>
More information about the kernel-team
mailing list