Re: [patch] infiniband: remove dead code

Dan Carpenter <error27@xxxxxxxxx> · Mon, 15 Mar 2010 18:07:35 +0300

On Mon, Mar 15, 2010 at 11:18:47AM -0300, Thadeu Lima de Souza Cascardo wrote:
> On Mon, Mar 15, 2010 at 11:23:32AM +0300, Dan Carpenter wrote:
> > "ret" is initialized to -ENOMEM so we don't need to set it here.
> > 
> > Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
> > 
> > diff --git a/drivers/infiniband/ulp/iser/iser_verbs.c b/drivers/infiniband/ulp/iser/iser_verbs.c
> > index 308d17b..8fa6997 100644
> > --- a/drivers/infiniband/ulp/iser/iser_verbs.c
> > +++ b/drivers/infiniband/ulp/iser/iser_verbs.c
> > @@ -148,10 +148,8 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn)
> >  	device = ib_conn->device;
> >  
> >  	ib_conn->login_buf = kmalloc(ISER_RX_LOGIN_SIZE, GFP_KERNEL);
> > -	if (!ib_conn->login_buf) {
> > +	if (!ib_conn->login_buf)
> >  		goto alloc_err;
> > -		ret = -ENOMEM;
> > -	}
> >  
> >  	ib_conn->login_dma = ib_dma_map_single(ib_conn->device->ib_device,
> >  				(void *)ib_conn->login_buf, ISER_RX_LOGIN_SIZE,
> > @@ -160,10 +158,9 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn)
> >  	ib_conn->page_vec = kmalloc(sizeof(struct iser_page_vec) +
> >  				    (sizeof(u64) * (ISCSI_ISER_SG_TABLESIZE +1)),
> >  				    GFP_KERNEL);
> > -	if (!ib_conn->page_vec) {
> > -		ret = -ENOMEM;
> > +	if (!ib_conn->page_vec)
> >  		goto alloc_err;
> > -	}
> > +
> >  	ib_conn->page_vec->pages = (u64 *) (ib_conn->page_vec + 1);
> >  
> >  	params.page_shift        = SHIFT_4K;
> 
> If there's a failure while allocating page_vec, login_buf will not be
> released. A single extra label should solve this.
> 
> Regards,
> Cascardo.

Hm...  Actually it looks like we should just remove both those
calls to kfree() and the ib_destroy_fmr_pool().  Otherwise we'll do
a double free when we get to iser_conn_release().

The call tree looks like this:
iser_connect() => iser_cma_handler() => iser_route_handler() 
	=> iser_create_ib_conn_res()

		We fail here and return failures back down the tree.

iser_connect() => iser_conn_release()

		Double free.

I will send a patch for this tomorrow.

regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html