sgc-fix-a-memory-leak-in-devices-seq_file-implementation.patch added to -mm tree

Fri, 26 Aug 2005 12:45:04 -0700 

The patch titled

     sg.c: fix a memory leak in devices seq_file implementation

has been added to the -mm tree.  Its filename is

     sgc-fix-a-memory-leak-in-devices-seq_file-implementation.patch

Patches currently in -mm which might be from [EMAIL PROTECTED] are

sgc-fix-a-memory-leak-in-devices-seq_file-implementation.patch



From: Jan Blunck <[EMAIL PROTECTED]>

I know that scsi procfs is legacy code but this is a fix for a memory leak.

While reading through sg.c I realized that the implementation of
/proc/scsi/sg/devices with seq_file is leaking memory due to freeing the
pointer returned by the next() iterator method.  Since next() might return
NULL or an error this is wrong.  This patch fixes it through using the
seq_files private field for holding the reference to the iterator object.

Here is a small bash script to trigger the leak. Use slabtop to watch
the size-32 usage grow and grow.

[--snipp--]
#!/bin/sh

while true; do
        cat /proc/scsi/sg/devices > /dev/null
done

[--snipp--]

Signed-off-by: Jan Blunck <[EMAIL PROTECTED]>
Cc: James Bottomley <[EMAIL PROTECTED]>
Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
---

 drivers/scsi/sg.c |   16 +++++++++-------
 1 files changed, 9 insertions(+), 7 deletions(-)

diff -puN 
drivers/scsi/sg.c~sgc-fix-a-memory-leak-in-devices-seq_file-implementation 
drivers/scsi/sg.c
--- 
devel/drivers/scsi/sg.c~sgc-fix-a-memory-leak-in-devices-seq_file-implementation
    2005-08-26 12:40:28.000000000 -0700
+++ devel-akpm/drivers/scsi/sg.c        2005-08-26 12:40:28.000000000 -0700
@@ -2971,23 +2971,22 @@ static void * dev_seq_start(struct seq_f
 {
        struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL);
 
+       s->private = it;
        if (! it)
                return NULL;
+
        if (NULL == sg_dev_arr)
-               goto err1;
+               return NULL;
        it->index = *pos;
        it->max = sg_last_dev();
        if (it->index >= it->max)
-               goto err1;
+               return NULL;
        return it;
-err1:
-       kfree(it);
-       return NULL;
 }
 
 static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos)
 {
-       struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
+       struct sg_proc_deviter * it = s->private;
 
        *pos = ++it->index;
        return (it->index < it->max) ? it : NULL;
@@ -2995,7 +2994,10 @@ static void * dev_seq_next(struct seq_fi
 
 static void dev_seq_stop(struct seq_file *s, void *v)
 {
-       kfree (v);
+       struct sg_proc_deviter *it = s->private;
+
+       if (it)
+               kfree (it);
 }
 
 static int sg_proc_open_dev(struct inode *inode, struct file *file)
_
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to