提交 f474a37b 编写于 作者: J Jean Delvare 提交者: James Bottomley

[SCSI] libiscsi: fix iscsi pool error path

Memory freeing in iscsi_pool_free() looks wrong to me. Either q->pool
can be NULL and this should be tested before dereferencing it, or it
can't be NULL and it shouldn't be tested at all. As far as I can see,
the only case where q->pool is NULL is on early error in
iscsi_pool_init(). One possible way to fix the bug is thus to not
call iscsi_pool_free() in this case (nothing needs to be freed anyway)
and then we can get rid of the q->pool check.
Signed-off-by: NJean Delvare <jdelvare@suse.de>
Signed-off-by: NMike Christie <michaelc@cs.wisc.edu>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>
上级 07c00ec4
...@@ -1944,7 +1944,7 @@ iscsi_pool_init(struct iscsi_pool *q, int max, void ***items, int item_size) ...@@ -1944,7 +1944,7 @@ iscsi_pool_init(struct iscsi_pool *q, int max, void ***items, int item_size)
num_arrays++; num_arrays++;
q->pool = kzalloc(num_arrays * max * sizeof(void*), GFP_KERNEL); q->pool = kzalloc(num_arrays * max * sizeof(void*), GFP_KERNEL);
if (q->pool == NULL) if (q->pool == NULL)
goto enomem; return -ENOMEM;
q->queue = kfifo_init((void*)q->pool, max * sizeof(void*), q->queue = kfifo_init((void*)q->pool, max * sizeof(void*),
GFP_KERNEL, NULL); GFP_KERNEL, NULL);
...@@ -1979,8 +1979,7 @@ void iscsi_pool_free(struct iscsi_pool *q) ...@@ -1979,8 +1979,7 @@ void iscsi_pool_free(struct iscsi_pool *q)
for (i = 0; i < q->max; i++) for (i = 0; i < q->max; i++)
kfree(q->pool[i]); kfree(q->pool[i]);
if (q->pool) kfree(q->pool);
kfree(q->pool);
kfree(q->queue); kfree(q->queue);
} }
EXPORT_SYMBOL_GPL(iscsi_pool_free); EXPORT_SYMBOL_GPL(iscsi_pool_free);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册