On Sat, 2015-05-16 at 13:21 +0530, Selvin Xavier wrote:
> @@ -1468,10 +1471,8 @@ static int ocrdma_mbx_alloc_pd_range(struct ocrdma_dev *dev)
>
> cmd->pd_count = dev->attr.max_pd - dev->attr.max_dpp_pds;
> status = ocrdma_mbx_cmd(dev, (struct ocrdma_mqe *)cmd);
> - if (status)
> - goto mbx_err;
> rsp = (struct ocrdma_alloc_pd_range_rsp *)cmd;
> - if (rsp->pd_count) {
> + if (!status && rsp->pd_count) {
> dev->pd_mgr->pd_norm_start = rsp->dpp_page_pdid &
> OCRDMA_ALLOC_PD_RNG_RSP_START_PDID_MASK;
> dev->pd_mgr->max_normal_pd = rsp->pd_count;
> @@ -1486,7 +1487,6 @@ static int ocrdma_mbx_alloc_pd_range(struct ocrdma_dev *dev)
> } else {
> return -ENOMEM;
> }
> -mbx_err:
> kfree(cmd);
> return status;
> }
I didn't go into the file to make sure, but this looks like a memory
leak (in fact, it looks like a leak that always existed, specifically if
rsp->pd_count == 0 then the else causes you to leave before the
kfree(cmd) and therefore you leak). It's now been made worse because it
would now happen both when status != 0 and when pd_count == 0.
--
Doug Ledford <dledford@xxxxxxxxxx>
GPG KeyID: 0E572FDD
Attachment:
signature.asc
Description: This is a digitally signed message part
