On 7/11/19 10:28 AM, Farhan Ali wrote:
> We don't set cp->initialized to true so calling cp_free
> will just return and not do anything.
>
> Also fix a memory leak where we fail to free a ccwchain
> on an error.
>
> Fixes: 812271b910 ("s390/cio: Squash cp_free() and cp_unpin_free()")
> Signed-off-by: Farhan Ali <alifm@xxxxxxxxxxxxx>
Reviewed-by: Eric Farman <farman@xxxxxxxxxxxxx>
> ---
> drivers/s390/cio/vfio_ccw_cp.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c
> index c969d48..f862d5d 100644
> --- a/drivers/s390/cio/vfio_ccw_cp.c
> +++ b/drivers/s390/cio/vfio_ccw_cp.c
> @@ -421,7 +421,7 @@ static int ccwchain_loop_tic(struct ccwchain *chain,
> static int ccwchain_handle_ccw(u32 cda, struct channel_program *cp)
> {
> struct ccwchain *chain;
> - int len;
> + int len, ret;
>
> /* Copy 2K (the most we support today) of possible CCWs */
> len = copy_from_iova(cp->mdev, cp->guest_cp, cda,
> @@ -448,7 +448,12 @@ static int ccwchain_handle_ccw(u32 cda, struct channel_program *cp)
> memcpy(chain->ch_ccw, cp->guest_cp, len * sizeof(struct ccw1));
>
> /* Loop for tics on this new chain. */
> - return ccwchain_loop_tic(chain, cp);
> + ret = ccwchain_loop_tic(chain, cp);
> +
> + if (ret)
> + ccwchain_free(chain);
> +
> + return ret;
> }
>
> /* Loop for TICs. */
> @@ -642,8 +647,6 @@ int cp_init(struct channel_program *cp, struct device *mdev, union orb *orb)
>
> /* Build a ccwchain for the first CCW segment */
> ret = ccwchain_handle_ccw(orb->cmd.cpa, cp);
> - if (ret)
> - cp_free(cp);
>
> if (!ret) {
> cp->initialized = true;
>
