From 1b96f8955aaeeb05f7fb7ff548aa12415fbf3904 Mon Sep 17 00:00:00 2001 From: Sven Schnelle Date: Mon, 10 Mar 2008 22:50:04 +0100 Subject: [PATCH] [SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference Fix NULL pointer dereference during execution of Internal commands, where gdth only allocates scp, but not scp->sense_buffer. The rest of the code assumes that sense_buffer is allocated, which leads to a kernel oops e.g. on reboot (during cache flush). Signed-off-by: Sven Schnelle Signed-off-by: James Bottomley --- drivers/scsi/gdth.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c index 27ebd336409b..0b2080d33575 100644 --- a/drivers/scsi/gdth.c +++ b/drivers/scsi/gdth.c @@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, if (!scp) return -ENOMEM; + scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL); + if (!scp->sense_buffer) { + kfree(scp); + return -ENOMEM; + } + scp->device = sdev; memset(&cmndinfo, 0, sizeof(cmndinfo)); @@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, rval = cmndinfo.status; if (info) *info = cmndinfo.info; + kfree(scp->sense_buffer); kfree(scp); return rval; }