[PATCH] [2.4] fix LVM memleaks.

[Oleg Drokin]

Hello!

   There are two error patchs in lvm code, that leads to leaking memory.
   One if creating too many volume gropups and one if incorrect
   buffer from userspace was passed.
   Fixes are trivial. Please apply.

   Found with help of smatch.


===== drivers/md/lvm.c 1.20 vs edited =====
--- 1.20/drivers/md/lvm.c	Mon Mar 10 17:55:46 2003
+++ edited/drivers/md/lvm.c	Mon Sep 22 02:53:54 2003
@@ -1584,8 +1584,10 @@
 		minor = vg_ptr->vg_number;
 
 	/* check limits */
-	if (minor >= ABS_MAX_VG)
+	if (minor >= ABS_MAX_VG) {
+		kfree(vg_ptr);
 		return -EFAULT;
+	}
 
 	/* Validate it */
 	if (vg[VG_CHR(minor)] != NULL) {
@@ -1653,8 +1655,7 @@
 				P_IOCTL
 				    ("ERROR: copying LV ptr %p (%d bytes)\n",
 				     lvp, sizeof(lv_t));
-				lvm_do_vg_remove(minor);
-				return -EFAULT;
+				goto copy_fault;
 			}
 			if (lv.lv_access & LV_SNAPSHOT) {
 				snap_lv_ptr[ls] = lvp;
@@ -1665,8 +1666,7 @@
 			vg_ptr->lv[l] = NULL;
 			/* only create original logical volumes for now */
 			if (lvm_do_lv_create(minor, lv.lv_name, &lv) != 0) {
-				lvm_do_vg_remove(minor);
-				return -EFAULT;
+				goto copy_fault;
 			}
 		}
 	}
@@ -1676,12 +1676,10 @@
 	for (l = 0; l < ls; l++) {
 		lv_t *lvp = snap_lv_ptr[l];
 		if (copy_from_user(&lv, lvp, sizeof(lv_t)) != 0) {
-			lvm_do_vg_remove(minor);
-			return -EFAULT;
+			goto copy_fault;
 		}
 		if (lvm_do_lv_create(minor, lv.lv_name, &lv) != 0) {
-			lvm_do_vg_remove(minor);
-			return -EFAULT;
+			goto copy_fault;
 		}
 	}
 
@@ -1696,6 +1694,10 @@
 	vg_ptr->vg_status |= VG_ACTIVE;
 
 	return 0;
+copy_fault:
+	lvm_do_vg_remove(minor);
+	vfree(snap_lv_ptr);
+	return -EFAULT;
 }				/* lvm_do_vg_create() */
 
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/