Re: kern/44207: memory-leak in raid-ioctl(RAIDFRAME_GET_COMPONENT_LABEL)

[Greg Oster <oster%cs.usask.ca@localhost>]

The following reply was made to PR kern/44207; it has been noted by GNATS.

From: Greg Oster <oster%cs.usask.ca@localhost>
To: Wolfgang Stukenbrock <Wolfgang.Stukenbrock%nagler-company.com@localhost>
Cc: gnats-bugs%NetBSD.org@localhost, kern-bug-people%NetBSD.org@localhost,
 gnats-admin%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Subject: Re: kern/44207: memory-leak in
 raid-ioctl(RAIDFRAME_GET_COMPONENT_LABEL)
Date: Wed, 8 Dec 2010 12:02:17 -0600

 On Wed, 08 Dec 2010 18:37:16 +0100
 Wolfgang Stukenbrock <Wolfgang.Stukenbrock%nagler-company.com@localhost> wrote:
 
 > Hi,
 >=20
 > if RF_Malloc() may never fail, there are lots of useless checks for
 > NULL of the allocated memory in this file ...
 > Perhaps you should have a look at them too.
 
 heh.. I wonder why I never noticed that years ago when I did the
 big memory allocation changes... There's lots of those checks that can
 get ripped out.... (and some of them propagate to further useless
 checks.. :-/ ) =20
 
 Thanks for finding these...
 
 Later...
 
 Greg Oster
 
 > Christos Zoulas wrote:
 >=20
 > > The following reply was made to PR kern/44207; it has been noted by
 > > GNATS.
 > >=20
 > > From: christos%zoulas.com@localhost (Christos Zoulas)
 > > To: gnats-bugs%NetBSD.org@localhost, 
 > > kern-bug-people%netbsd.org@localhost,=20
 > >    gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
 > > Cc:=20
 > > Subject: Re: kern/44207: memory-leak in
 > > raid-ioctl(RAIDFRAME_GET_COMPONENT_LABEL) Date: Wed, 8 Dec 2010
 > > 11:10:47 -0500
 > >=20
 > >  On Dec 8,  3:15pm, Wolfgang.Stukenbrock%nagler-company.com@localhost
 > > (Wolfgang.Stukenbrock%nagler-company.com@localhost) wrote: -- Subject:
 > > kern/44207: memory-leak in raid-ioctl(RAIDFRAME_GET_COMPONENT_LAB=20
 > >  |         While adding support for parity-maps handling the ioctl
 > > code for RAIDFRAME_GET_COMPONENT_LABEL |   has been changed.
 > >  |         Accedently the memory allocated for the copyin is
 > > neither checked for an allocation error |  anymore, nor the
 > > memory is freed on copyin() error or bad values in the just copied
 > > in parameter. There cannot be a memory allocation error because
 > > RF_Malloc does always WAITOK allocations.
 > >  |=20
 > >  |         Another problem during attach of the raidframe driver
 > > is, that the number of available |         raid devices is not
 > > reset to 0 if no memory for the softc structures can be allocated.
 > > |  This of cause will be a very rare situation, but if it
 > > happens access to not-allocated |  memory may happen. (Found
 > > by checking all RF_Malloc()'s in this file ...) | >How-To-Repeat: |
 > >    Found by a look into the sources. |     You may trigger
 > > it by passing bad values in the parameter for the
 > > component-label-column. | >Fix: |  The following fix will
 > > remove both problems.=20
 > >  Thanks.
 > > =20
 > >  christos
 > > =20
 > >=20
 >=20
 >=20
 > --=20
 >=20
 >=20
 > Dr. Nagler & Company GmbH
 > Hauptstra=DFe 9
 > 92253 Schnaittenbach
 >=20
 > Tel. +49 9622/71 97-42
 > Fax +49 9622/71 97-50
 >=20
 > Wolfgang.Stukenbrock%nagler-company.com@localhost
 > http://www.nagler-company.com
 >=20
 >=20
 > Hauptsitz: Schnaittenbach
 > Handelregister: Amberg HRB
 > Gerichtsstand: Amberg
 > Steuernummer: 201/118/51825
 > USt.-ID-Nummer: DE 273143997
 > Gesch=E4ftsf=FChrer: Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze
 >=20
 
 
 Later...
 
 Greg Oster