The following reply was made to PR kern/44207; it has been noted by GNATS.
From: christos%zoulas.com@localhost (Christos Zoulas)
To: gnats-bugs%NetBSD.org@localhost, kern-bug-people%netbsd.org@localhost,
gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Cc:
Subject: Re: kern/44207: memory-leak in raid-ioctl(RAIDFRAME_GET_COMPONENT_LABEL)
Date: Wed, 8 Dec 2010 11:10:47 -0500
On Dec 8, 3:15pm, Wolfgang.Stukenbrock%nagler-company.com@localhost
(Wolfgang.Stukenbrock%nagler-company.com@localhost) wrote:
-- Subject: kern/44207: memory-leak in raid-ioctl(RAIDFRAME_GET_COMPONENT_LAB
| While adding support for parity-maps handling the ioctl code for RAIDFRAME_GET_COMPONENT_LABEL
| has been changed.
| Accidentally the memory allocated for the copyin is neither checked for an allocation error
| anymore, nor the memory is freed on copyin() error or bad values in the just copied in parameter.
There cannot be a memory allocation error because RF_Malloc does always WAITOK
allocations.
|
| Another problem during attach of the raidframe driver is, that the number of available
| raid devices is not reset to 0 if no memory for the softc structures can be allocated.
| This of course will be a very rare situation, but if it happens access to not-allocated
| memory may happen. (Found by checking all RF_Malloc()'s in this file ...)
| >How-To-Repeat:
| Found by a look into the sources.
| You may trigger it by passing bad values in the parameter for the component-label-column.
| >Fix:
| The following fix will remove both problems.
Thanks.
christos
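
The leak pattern reported in this PR and the shape of a fix, modelled in user space as an added example (not the raidframe source and not the fix attached to the PR). `xalloc`, `xfree`, `fake_copyin`, `label_leaky`, `label_fixed` and `leaked_by` are hypothetical stand-ins; `xalloc` never returns NULL to its caller, matching the WAITOK point made in the reply.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* All names here are hypothetical stand-ins, not NetBSD identifiers. */
struct label { int column; int serial; };
static int live_allocs;                     /* buffers currently allocated */
/* Models a waiting allocation: the caller never sees NULL. */
static void *xalloc(size_t n) {
    void *p = calloc(1, n);
    if (p == NULL) abort();
    live_allocs++;
    return p;
}
static void xfree(void *p) { live_allocs--; free(p); }
/* Models copyin(): EFAULT for a bad user address. */
static int fake_copyin(const void *uaddr, void *kaddr, size_t n) {
    if (uaddr == NULL) return EFAULT;
    memcpy(kaddr, uaddr, n);
    return 0;
}
/* Leaky shape: both early returns skip the free. */
static int label_leaky(const struct label *ureq, int ncols) {
    struct label *l = xalloc(sizeof(*l));
    int error = fake_copyin(ureq, l, sizeof(*l));
    if (error) return error;                                 /* leak */
    if (l->column < 0 || l->column >= ncols) return EINVAL;  /* leak */
    xfree(l);
    return 0;
}
/* Fixed shape: one exit path that always frees the buffer. */
static int label_fixed(const struct label *ureq, int ncols) {
    struct label *l = xalloc(sizeof(*l));
    int error = fake_copyin(ureq, l, sizeof(*l));
    if (error == 0 && (l->column < 0 || l->column >= ncols))
        error = EINVAL;
    xfree(l);
    return error;
}
/* Buffers left allocated by one call of h on a 4-column set. */
static int leaked_by(int (*h)(const struct label *, int), const struct label *req) {
    int before = live_allocs;
    (void)h(req, 4);
    return live_allocs - before;
}
int main(void) {
    struct label bad = { 99, 1 };           /* constructed input: column out of range */
    printf("leaky=%d fixed=%d\n", leaked_by(label_leaky, &bad), leaked_by(label_fixed, &bad));
    return 0;
}
```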