Date: Sun, 18 Jan 2004 17:44:48 +0200 From: Ruslan Ermilov <ru@freebsd.org> To: Paul Twohey <twohey@CS.Stanford.EDU> Cc: scsi@freebsd.org Subject: Re: [CHECKER] bugs in FreeBSD Message-ID: <20040118154447.GA32115@FreeBSD.org.ua> In-Reply-To: <Pine.LNX.4.44.0401161607260.26554-100000@Xenon.Stanford.EDU> References: <Pine.LNX.4.44.0401161607260.26554-100000@Xenon.Stanford.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Fri, Jan 16, 2004 at 04:09:34PM -0800, Paul Twohey wrote:
[...]
> ---------------------------------------------------------
> [BUG]
> /u2/engler/mc/freebsd/sys/i386/compile/GENERIC/../../../dev/dpt/dpt_scsi.c:1542:dpt_attach:ERROR:LEAK:1542:1571: pointer=devq from RO=cam_simq_alloc(-1) [s=21,pop=21,pr=0.99] [rank=med] leaked! [z=1.0] [success=3]
>
> int i;
>
> /*
> * Create the device queue for our SIM.
> */
> Start --->
> devq = cam_simq_alloc(dpt->max_dccbs);
>
> ... DELETED 23 lines ...
>
>
> }
> if (i > 0)
> EVENTHANDLER_REGISTER(shutdown_final, dptshutdown,
> dpt, SHUTDOWN_PRI_DEFAULT);
> Error --->
> return (i);
> }
>
> int
> ---------------------------------------------------------
We aren't leaking "devq" here, it's freed (if necessary) by setting
the second cam_sim_free() argument to true:
if (xpt_bus_register(dpt->sims[i], i) != CAM_SUCCESS) {
cam_sim_free(dpt->sims[i], /*free_devq*/i == 0);
break;
}
But we're missing the proper NULL checking, here's the fix:
%%%
Index: dpt_scsi.c
===================================================================
RCS file: /home/ncvs/src/sys/dev/dpt/dpt_scsi.c,v
retrieving revision 1.45
diff -u -p -r1.45 dpt_scsi.c
--- dpt_scsi.c 24 Aug 2003 17:46:04 -0000 1.45
+++ dpt_scsi.c 18 Jan 2004 15:39:13 -0000
@@ -1553,6 +1553,8 @@ dpt_attach(dpt_softc_t *dpt)
dpt->sims[i] = cam_sim_alloc(dpt_action, dpt_poll, "dpt",
dpt, dpt->unit, /*untagged*/2,
/*tagged*/dpt->max_dccbs, devq);
+ if (dpt->sims[i] == NULL)
+ break;
if (xpt_bus_register(dpt->sims[i], i) != CAM_SUCCESS) {
cam_sim_free(dpt->sims[i], /*free_devq*/i == 0);
break;
%%%
--
Ruslan Ermilov
FreeBSD committer
ru@FreeBSD.org
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFACqnvUkv4P6juNwoRAmc2AJ4yZOY/4fv1WzHuGBEtrFzVYHmRiACeMSY6
/ucH2Zb2vN73gaOViebu77U=
=g3Hd
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040118154447.GA32115>