Commit 729d70f5 authored Aug 27, 2005 by Jan Blunck Committed by Linus Torvalds Aug 27, 2005

[PATCH] sg.c: fix a memory leak in devices seq_file implementation



I know that scsi procfs is legacy code but this is a fix for a memory leak.

While reading through sg.c I realized that the implementation of
/proc/scsi/sg/devices with seq_file is leaking memory due to freeing the
pointer returned by the next() iterator method.  Since next() might return
NULL or an error this is wrong.  This patch fixes it through using the
seq_files private field for holding the reference to the iterator object.

Here is a small bash script to trigger the leak. Use slabtop to watch
the size-32 usage grow and grow.

#!/bin/sh

while true; do
	cat /proc/scsi/sg/devices > /dev/null
done

Signed-off-by: Jan Blunck <j.blunck@tu-harburg.de>
Acked-by: James Bottomley <James.Bottomley@steeleye.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

parent 8126fdbc

drivers/scsi/sg.c

+6 −7

Original line number	Diff line number	Diff line
		@@ -2971,23 +2971,22 @@ static void * dev_seq_start(struct seq_file s, loff_t pos)
		{
		struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL);

		s->private = it;
		if (! it)
		return NULL;

		if (NULL == sg_dev_arr)
		goto err1;
		return NULL;
		it->index = *pos;
		it->max = sg_last_dev();
		if (it->index >= it->max)
		goto err1;
		return it;
		err1:
		kfree(it);
		return NULL;
		return it;
		}

		static void * dev_seq_next(struct seq_file s, void v, loff_t *pos)
		{
		struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
		struct sg_proc_deviter * it = s->private;

		*pos = ++it->index;
		return (it->index < it->max) ? it : NULL;
		@@ -2995,7 +2994,7 @@ static void * dev_seq_next(struct seq_file s, void v, loff_t *pos)

		static void dev_seq_stop(struct seq_file s, void v)
		{
		kfree (v);
		kfree(s->private);
		}

		static int sg_proc_open_dev(struct inode inode, struct file file)