From patchwork Tue Mar 16 08:09:26 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 86095 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o2G8HZG2026132 for ; Tue, 16 Mar 2010 08:17:35 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S937534Ab0CPIRe (ORCPT ); Tue, 16 Mar 2010 04:17:34 -0400 Received: from mail-bw0-f211.google.com ([209.85.218.211]:54158 "EHLO mail-bw0-f211.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S936515Ab0CPIRd (ORCPT ); Tue, 16 Mar 2010 04:17:33 -0400 X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]); Tue, 16 Mar 2010 08:17:35 +0000 (UTC) X-Greylist: delayed 475 seconds by postgrey-1.27 at vger.kernel.org; Tue, 16 Mar 2010 04:17:32 EDT Received: by mail-bw0-f211.google.com with SMTP id 3so196736bwz.29 for ; Tue, 16 Mar 2010 01:17:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:cc:subject :message-id:references:mime-version:content-type:content-disposition :in-reply-to:user-agent; bh=qi50WgUAWqqtY7gr2ddVK6E+wTYlVBN3cEE7MaCk3X8=; b=oBPu1bEAraojms/IDR6AOUWF8RyEOPQJr1bk+jozVIEExmiPZiJzuYLQbVwUTg5Gi2 hKiFSBINjVayhU49annxbP82kWEZME489hr+TteCytNTh85Q0mwY4yVZa5hF7uV9CGQ+ skEF0HmXTfqHmAUhZC9OV+rUwvdR0/qO1cZBU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; b=ukIT/G2Qt+K2vFXxLg/PORVKV/hsf3dQfKB+7P1Wmm396s/lLpFQc6WBZdqh39Sbfs dvEzkVOVrS4Cr/14SHz/rFOa2A58/KXNjr+Yuv/Vf5zt2/sLFS+cAH2vbGcMfUjnz0o3 d8gnlMWkiRh/AVltExuYa1FSN/SZ3Lv27Vzts= Received: by 10.204.140.18 with SMTP id g18mr4022666bku.47.1268726975880; Tue, 16 Mar 2010 01:09:35 -0700 (PDT) Received: from bicker ([196.43.68.115]) by mx.google.com with ESMTPS id a11sm24921451bkc.9.2010.03.16.01.09.31 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 16 Mar 2010 01:09:34 -0700 (PDT) Date: Tue, 16 Mar 2010 11:09:26 +0300 From: Dan Carpenter To: Or Gerlitz Cc: Thadeu Lima de Souza Cascardo , Roland Dreier , Or Gerlitz , Jiri Kosina , linux-rdma@vger.kernel.org Subject: [patch] infiniband: potential double free Message-ID: <20100316080925.GC5331@bicker> References: <20100315082332.GF18181@bicker> <20100315141846.GA1477@holoscopio.com> <20100315150735.GM18181@bicker> <15ddcffd1003160027q47286fcqa1344c964fe472b0@mail.gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <15ddcffd1003160027q47286fcqa1344c964fe472b0@mail.gmail.com> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org diff --git a/drivers/infiniband/ulp/iser/iser_verbs.c b/drivers/infiniband/ulp/iser/iser_verbs.c index 308d17b..fde2c93 100644 --- a/drivers/infiniband/ulp/iser/iser_verbs.c +++ b/drivers/infiniband/ulp/iser/iser_verbs.c @@ -148,10 +148,8 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn) device = ib_conn->device; ib_conn->login_buf = kmalloc(ISER_RX_LOGIN_SIZE, GFP_KERNEL); - if (!ib_conn->login_buf) { - goto alloc_err; - ret = -ENOMEM; - } + if (!ib_conn->login_buf) + goto out_err; ib_conn->login_dma = ib_dma_map_single(ib_conn->device->ib_device, (void *)ib_conn->login_buf, ISER_RX_LOGIN_SIZE, @@ -160,10 +158,9 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn) ib_conn->page_vec = kmalloc(sizeof(struct iser_page_vec) + (sizeof(u64) * (ISCSI_ISER_SG_TABLESIZE +1)), GFP_KERNEL); - if (!ib_conn->page_vec) { - ret = -ENOMEM; - goto alloc_err; - } + if (!ib_conn->page_vec) + goto out_err; + ib_conn->page_vec->pages = (u64 *) (ib_conn->page_vec + 1); params.page_shift = SHIFT_4K; @@ -183,7 +180,7 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn) ib_conn->fmr_pool = ib_create_fmr_pool(device->pd, ¶ms); if (IS_ERR(ib_conn->fmr_pool)) { ret = PTR_ERR(ib_conn->fmr_pool); - goto fmr_pool_err; + goto out_err; } memset(&init_attr, 0, sizeof init_attr); @@ -201,7 +198,7 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn) ret = rdma_create_qp(ib_conn->cma_id, device->pd, &init_attr); if (ret) - goto qp_err; + goto out_err; ib_conn->qp = ib_conn->cma_id->qp; iser_err("setting conn %p cma_id %p: fmr_pool %p qp %p\n", @@ -209,12 +206,7 @@ static int iser_create_ib_conn_res(struct iser_conn *ib_conn) ib_conn->fmr_pool, ib_conn->cma_id->qp); return ret; -qp_err: - (void)ib_destroy_fmr_pool(ib_conn->fmr_pool); -fmr_pool_err: - kfree(ib_conn->page_vec); - kfree(ib_conn->login_buf); -alloc_err: +out_err: iser_err("unable to alloc mem or create resource, err %d\n", ret); return ret; }