In fc_disc_gpn_id_resp(), skb is supposed to get free for all the cases (excluding PTR_ERR).
But it wasn't get free in all the cases, leading to memory leak.
This fix is to execute `fc_frame_free(fp)` before function returns.
Reviewed-by: Girish Basrur <gbasrur@xxxxxxxxxxx>
Reviewed-by: Santosh Vernekar <svernekar@xxxxxxxxxxx>
Reviewed-by: Saurav Kashyap <skashyap@xxxxxxxxxxx>
Reviewed-by: Shyam Sundar <ssundar@xxxxxxxxxxx>
Signed-off-by: Javed Hasan <jhasan@xxxxxxxxxxx>
---
drivers/scsi/libfc/fc_disc.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/libfc/fc_disc.c b/drivers/scsi/libfc/fc_disc.c
index 9c5f7c9..11d4350 100644
--- a/drivers/scsi/libfc/fc_disc.c
+++ b/drivers/scsi/libfc/fc_disc.c
@@ -581,9 +581,13 @@ static void fc_disc_gpn_id_resp(struct fc_seq *sp, struct fc_frame *fp,
if (PTR_ERR(fp) == -FC_EX_CLOSED)
goto out;
- if (IS_ERR(fp))
- goto redisc;
-
+ if (IS_ERR(fp)) {
+ mutex_lock(&disc->disc_mutex);
+ fc_disc_restart(disc);
+ mutex_unlock(&disc->disc_mutex);
+ goto out;
+ }
+
cp = fc_frame_payload_get(fp, sizeof(*cp));
if (!cp)
goto redisc;
@@ -609,7 +613,7 @@ static void fc_disc_gpn_id_resp(struct fc_seq *sp, struct fc_frame *fp,
new_rdata->disc_id = disc->disc_id;
fc_rport_login(new_rdata);
}
- goto out;
+ goto free_fp;
}
rdata->disc_id = disc->disc_id;
mutex_unlock(&rdata->rp_mutex);
@@ -626,6 +630,8 @@ static void fc_disc_gpn_id_resp(struct fc_seq *sp, struct fc_frame *fp,
fc_disc_restart(disc);
mutex_unlock(&disc->disc_mutex);
}
+free_fp:
+ fc_frame_free(fp);
out:
kref_put(&rdata->kref, fc_rport_destroy);
}
--
1.8.3.1
