tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()

pqi_report_phys_luns() fails to release the rpl_list buffer when
encountering an unsupported data format or when the allocation for
rpl_16byte_wwid_list fails. These early returns bypass the cleanup logic,
leading to memory leaks.

Consolidate the error handling by adding an out_free_rpl_list label and use
goto statements to ensure rpl_list is consistently freed on failure.

Compile tested only. Issue found using a prototype static analysis tool and
code review.

Fixes: 28ca6d876c5a ("scsi: smartpqi: Add extended report physical LUNs")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Tested-by: Don Brace <don.brace@microchip.com>
Acked-by: Don Brace <don.brace@microchip.com>
Link: https://patch.msgid.link/20260131093641.1008117-1-zilin@seu.edu.cn
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Zilin Guan and committed by
Martin K. Petersen 41b37312 21a16f0f

+10 -3
+10 -3
drivers/scsi/smartpqi/smartpqi_init.c
··· 1241 1241 dev_err(&ctrl_info->pci_dev->dev, 1242 1242 "RPL returned unsupported data format %u\n", 1243 1243 rpl_response_format); 1244 - return -EINVAL; 1244 + rc = -EINVAL; 1245 + goto out_free_rpl_list; 1245 1246 } else { 1246 1247 dev_warn(&ctrl_info->pci_dev->dev, 1247 1248 "RPL returned extended format 2 instead of 4\n"); ··· 1254 1253 1255 1254 rpl_16byte_wwid_list = kmalloc(struct_size(rpl_16byte_wwid_list, lun_entries, 1256 1255 num_physicals), GFP_KERNEL); 1257 - if (!rpl_16byte_wwid_list) 1258 - return -ENOMEM; 1256 + if (!rpl_16byte_wwid_list) { 1257 + rc = -ENOMEM; 1258 + goto out_free_rpl_list; 1259 + } 1259 1260 1260 1261 put_unaligned_be32(num_physicals * sizeof(struct report_phys_lun_16byte_wwid), 1261 1262 &rpl_16byte_wwid_list->header.list_length); ··· 1278 1275 *buffer = rpl_16byte_wwid_list; 1279 1276 1280 1277 return 0; 1278 + 1279 + out_free_rpl_list: 1280 + kfree(rpl_list); 1281 + return rc; 1281 1282 } 1282 1283 1283 1284 static inline int pqi_report_logical_luns(struct pqi_ctrl_info *ctrl_info, void **buffer)