From: Jean Delvare Date: Thu, 5 Mar 2009 20:45:55 +0000 (-0600) Subject: SCSI: libiscsi: fix iscsi pool error path X-Git-Tag: v2.6.28.10~57 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=28007cf3d87ce574610a3f8a6b0ca4275eaac6dc;p=thirdparty%2Fkernel%2Fstable.git SCSI: libiscsi: fix iscsi pool error path upstream commit: f474a37bc48667595b5653a983b635c95ed82a3b Memory freeing in iscsi_pool_free() looks wrong to me. Either q->pool can be NULL and this should be tested before dereferencing it, or it can't be NULL and it shouldn't be tested at all. As far as I can see, the only case where q->pool is NULL is on early error in iscsi_pool_init(). One possible way to fix the bug is thus to not call iscsi_pool_free() in this case (nothing needs to be freed anyway) and then we can get rid of the q->pool check. Signed-off-by: Jean Delvare Signed-off-by: Mike Christie Signed-off-by: James Bottomley Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c index 52a8c970e15c2..9db19511ba688 100644 --- a/drivers/scsi/libiscsi.c +++ b/drivers/scsi/libiscsi.c @@ -1862,7 +1862,7 @@ iscsi_pool_init(struct iscsi_pool *q, int max, void ***items, int item_size) num_arrays++; q->pool = kzalloc(num_arrays * max * sizeof(void*), GFP_KERNEL); if (q->pool == NULL) - goto enomem; + return -ENOMEM; q->queue = kfifo_init((void*)q->pool, max * sizeof(void*), GFP_KERNEL, NULL); @@ -1897,8 +1897,7 @@ void iscsi_pool_free(struct iscsi_pool *q) for (i = 0; i < q->max; i++) kfree(q->pool[i]); - if (q->pool) - kfree(q->pool); + kfree(q->pool); kfree(q->queue); } EXPORT_SYMBOL_GPL(iscsi_pool_free);