[SCSI] Fix protection scsi_data_buffer leak

We would leak a scsi_data_buffer if the free_list command was of the protected variety. Reported-by: N Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: N Martin K. Petersen <martin.petersen@oracle.com> Cc: Stable Tree <stable@kernel.org> Signed-off-by: N James Bottomley <James.Bottomley@suse.de>

[SCSI] Fix protection scsi_data_buffer leak
We would leak a scsi_data_buffer if the free_list command was of the protected variety. Reported-by: N Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: N Martin K. Petersen <martin.petersen@oracle.com> Cc: Stable Tree <stable@kernel.org> Signed-off-by: N James Bottomley <James.Bottomley@suse.de>
b4c2554d · Martin K. Petersen · James Bottomley · 35e1a5d9 · b4c2554d
隐藏空白更改
内联并排

Showing with 7 addition and 4 deletion

drivers/scsi/scsi.c drivers/scsi/scsi.c +7 -4

未找到文件。
--- a/drivers/scsi/scsi.c
+++ b/drivers/scsi/scsi.c
@@ -241,10 +241,7 @@ scsi_host_alloc_command(struct Scsi_Host *shost, gfp_t gfp_mask)
 */
 struct scsi_cmnd *__scsi_get_command(struct Scsi_Host *shost, gfp_t gfp_mask)
 {
-	struct scsi_cmnd *cmd;
-	unsigned char *buf;
-
-	cmd = scsi_host_alloc_command(shost, gfp_mask);
+	struct scsi_cmnd *cmd = scsi_host_alloc_command(shost, gfp_mask);

 	if (unlikely(!cmd)) {
 		unsigned long flags;
@@ -258,9 +255,15 @@ struct scsi_cmnd *__scsi_get_command(struct Scsi_Host *shost, gfp_t gfp_mask)
 		spin_unlock_irqrestore(&shost->free_list_lock, flags);

 		if (cmd) {
+			void *buf, *prot;
+
 			buf = cmd->sense_buffer;
+			prot = cmd->prot_sdb;
+
 			memset(cmd, 0, sizeof(*cmd));
+
 			cmd->sense_buffer = buf;
+			cmd->prot_sdb = prot;
 		}
 	}