NetBSD-Bugs archive


Re: kern/44207: memory-leak in raid-ioctl(RAIDFRAME_GET_COMPONENT_LABEL)



On Dec 8,  3:15pm, Wolfgang.Stukenbrock%nagler-company.com@localhost (Wolfgang.Stukenbrock%nagler-company.com@localhost) wrote:
-- Subject: kern/44207: memory-leak in raid-ioctl(RAIDFRAME_GET_COMPONENT_LAB

|       While adding support for parity-maps handling, the ioctl code for RAIDFRAME_GET_COMPONENT_LABEL
|       has been changed.
|       Accidentally, the memory allocated for the copyin is neither checked for an allocation error
|       anymore, nor is the memory freed on copyin() error or bad values in the just copied in parameter.

There cannot be a memory allocation error because RF_Malloc always does WAITOK
allocations.
| 
|       Another problem during attach of the raidframe driver is that the number of available
|       raid devices is not reset to 0 if no memory for the softc structures can be allocated.
|       This of course will be a very rare situation, but if it happens, access to not-allocated
|       memory may happen. (Found by checking all RF_Malloc()'s in this file ...)
| >How-To-Repeat:
|       Found by a look into the sources.
|       You may trigger it by passing bad values in the parameter for the component-label-column.
| >Fix:
|       The following fix will remove both problems.

Thanks.

christos
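
The leak pattern described in the report, as an added userland C model that is not NetBSD's RAIDframe code and not the fix submitted with the PR. All names (`model_alloc`, `model_copyin`, `get_label_leaky`, `get_label_fixed`, the reduced `struct label`) are hypothetical, and the allocator is assumed never to fail, matching the WAITOK point in the reply.

```c
/* Constructed userland model; every name is hypothetical, not RAIDframe code. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

struct label { int row, column; };   /* reduced stand-in for a component label */
static struct label pool[16];        /* backing store, so the demo never uses the heap */
static int next_slot, live_allocs;   /* live_allocs = buffers not yet freed */

/* Stand-in for a sleeping (WAITOK-style) allocator: it never returns NULL. */
static struct label *model_alloc(void) { live_allocs++; return &pool[next_slot++ % 16]; }
static void model_free(struct label *l) { (void)l; live_allocs--; }

/* Stand-in for copyin(): a bad user pointer yields EFAULT. */
static int model_copyin(const struct label *uaddr, struct label *kaddr) {
    if (uaddr == NULL) return EFAULT;
    memcpy(kaddr, uaddr, sizeof(*kaddr));
    return 0;
}

/* Pattern from the report: both error returns skip the free. */
static int get_label_leaky(const struct label *ulabel, int ncols) {
    struct label *l = model_alloc();
    int error = model_copyin(ulabel, l);
    if (error) return error;                                 /* buffer leaked */
    if (l->column < 0 || l->column >= ncols) return EINVAL;  /* buffer leaked */
    model_free(l);
    return 0;
}

/* Same checks, but every path reaches the single free. */
static int get_label_fixed(const struct label *ulabel, int ncols) {
    struct label *l = model_alloc();
    int error = model_copyin(ulabel, l);
    if (error == 0 && (l->column < 0 || l->column >= ncols))
        error = EINVAL;
    model_free(l);
    return error;
}

/* Sends one bad pointer and one out-of-range column; returns buffers left allocated. */
static int leaked_after_bad_requests(int (*handler)(const struct label *, int)) {
    struct label bad = { 0, 99 };    /* constructed input: column outside 0..ncols-1 */
    int before = live_allocs;
    (void)handler(NULL, 2);
    (void)handler(&bad, 2);
    return live_allocs - before;
}

int main(void) {
    return (leaked_after_bad_requests(get_label_leaky) == 2 &&
            leaked_after_bad_requests(get_label_fixed) == 0) ? 0 : 1;
}
```

Because the allocation sleeps rather than fails, the unfreed buffers on the two error paths are the part of the report that matters: each rejected request costs one buffer until reboot.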

