RE: [PATCH 3/4] scsi: pm8001: fix a memory leak in flash_update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Mon, Jul 7, 2014 at 8:50 PM, Tomas Henzl <thenzl@xxxxxxxxxx> wrote:
> ccb->fw_control_context is copied to local fw_control_context and
> the local variable is never used later
>
> Free ccb->fw_control_context.
> The task is forgotten thus also the reference to fw_control_context
> and the completion thread takes the info from virt_ptr again.

Looks good. Thanks Tomas.
Acked-by: Suresh Thiagarajan<Suresh.Thiagarajan@xxxxxxxx>

>
> Signed-off-by: Tomas Henzl <thenzl@xxxxxxxxxx>
> ---
>  drivers/scsi/pm8001/pm8001_hwi.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/scsi/pm8001/pm8001_hwi.c b/drivers/scsi/pm8001/pm8001_hwi.c
> index dc70791..05beb69 100644
> --- a/drivers/scsi/pm8001/pm8001_hwi.c
> +++ b/drivers/scsi/pm8001/pm8001_hwi.c
> @@ -3617,15 +3617,11 @@ int pm8001_mpi_fw_flash_update_resp(struct pm8001_hba_info *pm8001_ha,
>                 void *piomb)
>  {
>         u32 status;
> -       struct fw_control_ex    fw_control_context;
>         struct fw_flash_Update_resp *ppayload =
>                 (struct fw_flash_Update_resp *)(piomb + 4);
>         u32 tag = le32_to_cpu(ppayload->tag);
>         struct pm8001_ccb_info *ccb = &pm8001_ha->ccb_info[tag];
>         status = le32_to_cpu(ppayload->status);
> -       memcpy(&fw_control_context,
> -               ccb->fw_control_context,
> -               sizeof(fw_control_context));
>         switch (status) {
>         case FLASH_UPDATE_COMPLETE_PENDING_REBOOT:
>                 PM8001_MSG_DBG(pm8001_ha,
> @@ -3668,11 +3664,11 @@ int pm8001_mpi_fw_flash_update_resp(struct pm8001_hba_info *pm8001_ha,
>                         pm8001_printk("No matched status = %d\n", status));
>                 break;
>         }
> -       ccb->fw_control_context->fw_control->retcode = status;
> -       complete(pm8001_ha->nvmd_completion);
> +       kfree(ccb->fw_control_context);
>         ccb->task = NULL;
>         ccb->ccb_tag = 0xFFFFFFFF;
>         pm8001_tag_free(pm8001_ha, tag);
> +       complete(pm8001_ha->nvmd_completion);
>         return 0;
>  }
>
> @@ -4876,6 +4872,10 @@ int pm8001_chip_set_nvmd_req(struct pm8001_hba_info *pm8001_ha,
>                 break;
>         }
>         rc = pm8001_mpi_build_cmd(pm8001_ha, circularQ, opc, &nvmd_req, 0);
> +       if (rc) {
> +               kfree(fw_control_context);
> +               pm8001_tag_free(pm8001_ha, tag);
> +       }
>         return rc;
>  }
>
> --
> 1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux