From patchwork Tue Mar 16 08:09:26 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dan Carpenter <error27@gmail.com>
X-Patchwork-Id: 86095
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o2G8HZG2026132
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Tue, 16 Mar 2010 08:17:35 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S937534Ab0CPIRe (ORCPT
	<rfc822;patchwork-linux-rdma@patchwork.kernel.org>);
	Tue, 16 Mar 2010 04:17:34 -0400
Received: from mail-bw0-f211.google.com ([209.85.218.211]:54158 "EHLO
	mail-bw0-f211.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S936515Ab0CPIRd (ORCPT
	<rfc822; linux-rdma@vger.kernel.org>); Tue, 16 Mar 2010 04:17:33 -0400
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]);
	Tue, 16 Mar 2010 08:17:35 +0000 (UTC)
X-Greylist: delayed 475 seconds by postgrey-1.27 at vger.kernel.org;
	Tue, 16 Mar 2010 04:17:32 EDT
Received: by mail-bw0-f211.google.com with SMTP id 3so196736bwz.29
	for <linux-rdma@vger.kernel.org>;
	Tue, 16 Mar 2010 01:17:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:date:from:to:cc:subject
	:message-id:references:mime-version:content-type:content-disposition
	:in-reply-to:user-agent;
	bh=qi50WgUAWqqtY7gr2ddVK6E+wTYlVBN3cEE7MaCk3X8=;
	b=oBPu1bEAraojms/IDR6AOUWF8RyEOPQJr1bk+jozVIEExmiPZiJzuYLQbVwUTg5Gi2
	hKiFSBINjVayhU49annxbP82kWEZME489hr+TteCytNTh85Q0mwY4yVZa5hF7uV9CGQ+
	skEF0HmXTfqHmAUhZC9OV+rUwvdR0/qO1cZBU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=date:from:to:cc:subject:message-id:references:mime-version
	:content-type:content-disposition:in-reply-to:user-agent;
	b=ukIT/G2Qt+K2vFXxLg/PORVKV/hsf3dQfKB+7P1Wmm396s/lLpFQc6WBZdqh39Sbfs
	dvEzkVOVrS4Cr/14SHz/rFOa2A58/KXNjr+Yuv/Vf5zt2/sLFS+cAH2vbGcMfUjnz0o3
	d8gnlMWkiRh/AVltExuYa1FSN/SZ3Lv27Vzts=
Received: by 10.204.140.18 with SMTP id g18mr4022666bku.47.1268726975880;
	Tue, 16 Mar 2010 01:09:35 -0700 (PDT)
Received: from bicker ([196.43.68.115]) by mx.google.com with ESMTPS id
	a11sm24921451bkc.9.2010.03.16.01.09.31
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Tue, 16 Mar 2010 01:09:34 -0700 (PDT)
Date: Tue, 16 Mar 2010 11:09:26 +0300
From: Dan Carpenter <error27@gmail.com>
To: Or Gerlitz <or.gerlitz@gmail.com>
Cc: Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com>,
	Roland Dreier <rolandd@cisco.com>, Or Gerlitz <ogerlitz@voltaire.com>,
	Jiri Kosina <jkosina@suse.cz>, linux-rdma@vger.kernel.org
Subject: [patch] infiniband: potential double free
Message-ID: <20100316080925.GC5331@bicker>
References: <20100315082332.GF18181@bicker>
	<20100315141846.GA1477@holoscopio.com>
	<20100315150735.GM18181@bicker>
	<15ddcffd1003160027q47286fcqa1344c964fe472b0@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <15ddcffd1003160027q47286fcqa1344c964fe472b0@mail.gmail.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
Sender: linux-rdma-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-rdma.vger.kernel.org>
X-Mailing-List: linux-rdma@vger.kernel.org


diff --git a/drivers/infiniband/ulp/iser/iser_verbs.c b/drivers/infiniband/ulp/iser/iser_verbs.c
index 308d17b..fde2c93 100644
--- a/drivers/infiniband/ulp/iser/iser_verbs.c
+++ b/drivers/infiniband/ulp/iser/iser_verbs.c
@@ -148,10 +148,8 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn)
 	device = ib_conn->device;
 
 	ib_conn->login_buf = kmalloc(ISER_RX_LOGIN_SIZE, GFP_KERNEL);
-	if (!ib_conn->login_buf) {
-		goto alloc_err;
-		ret = -ENOMEM;
-	}
+	if (!ib_conn->login_buf)
+		goto out_err;
 
 	ib_conn->login_dma = ib_dma_map_single(ib_conn->device->ib_device,
 				(void *)ib_conn->login_buf, ISER_RX_LOGIN_SIZE,
@@ -160,10 +158,9 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn)
 	ib_conn->page_vec = kmalloc(sizeof(struct iser_page_vec) +
 				    (sizeof(u64) * (ISCSI_ISER_SG_TABLESIZE +1)),
 				    GFP_KERNEL);
-	if (!ib_conn->page_vec) {
-		ret = -ENOMEM;
-		goto alloc_err;
-	}
+	if (!ib_conn->page_vec)
+		goto out_err;
+
 	ib_conn->page_vec->pages = (u64 *) (ib_conn->page_vec + 1);
 
 	params.page_shift        = SHIFT_4K;
@@ -183,7 +180,7 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn)
 	ib_conn->fmr_pool = ib_create_fmr_pool(device->pd, &params);
 	if (IS_ERR(ib_conn->fmr_pool)) {
 		ret = PTR_ERR(ib_conn->fmr_pool);
-		goto fmr_pool_err;
+		goto out_err;
 	}
 
 	memset(&init_attr, 0, sizeof init_attr);
@@ -201,7 +198,7 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn)
 
 	ret = rdma_create_qp(ib_conn->cma_id, device->pd, &init_attr);
 	if (ret)
-		goto qp_err;
+		goto out_err;
 
 	ib_conn->qp = ib_conn->cma_id->qp;
 	iser_err("setting conn %p cma_id %p: fmr_pool %p qp %p\n",
@@ -209,12 +206,7 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn)
 		 ib_conn->fmr_pool, ib_conn->cma_id->qp);
 	return ret;
 
-qp_err:
-	(void)ib_destroy_fmr_pool(ib_conn->fmr_pool);
-fmr_pool_err:
-	kfree(ib_conn->page_vec);
-	kfree(ib_conn->login_buf);
-alloc_err:
+out_err:
 	iser_err("unable to alloc mem or create resource, err %d\n", ret);
 	return ret;
 }