| Message ID | EDBAAA0BBBA2AC4E9C8B6B81DEEE1D6915E7A966@DGGEML525-MBS.china.huawei.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 9a1b0b9a6dab452fb0e39fe96880c4faf3878369 |
| Headers | show |
| Series | scsi:lpfc:Fix memory leak on lpfc_bsg_write_ebuf_set func | expand |
On 12/6/2019 7:22 PM, wubo (T) wrote: > When phba->mbox_ext_buf_ctx.seqNum != phba->mbox_ext_buf_ctx.numBuf, > dd_data should be freed before return SLI_CONFIG_HANDLED. > > When lpfc_sli_issue_mbox func return fails, pmboxq should be also freed in job_error tag. > > > Signed-off-by:Bo wu <wubo40@huawei.com> > Reviewed-by:Zhiqiang Liu <liuzhiqiang26@huawei.com> > --- > drivers/scsi/lpfc/lpfc_bsg.c | 15 +++++++++------ > 1 file changed, 9 insertions(+), 6 deletions(-) > > diff --git a/drivers/scsi/lpfc/lpfc_bsg.c b/drivers/scsi/lpfc/lpfc_bsg.c > index 39a736b887b1..6c2b03415a2c 100644 > --- a/drivers/scsi/lpfc/lpfc_bsg.c > +++ b/drivers/scsi/lpfc/lpfc_bsg.c > @@ -4489,12 +4489,6 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job, > phba->mbox_ext_buf_ctx.seqNum++; > nemb_tp = phba->mbox_ext_buf_ctx.nembType; > > - dd_data = kmalloc(sizeof(struct bsg_job_data), GFP_KERNEL); > - if (!dd_data) { > - rc = -ENOMEM; > - goto job_error; > - } > - > pbuf = (uint8_t *)dmabuf->virt; > size = job->request_payload.payload_len; > sg_copy_to_buffer(job->request_payload.sg_list, > @@ -4531,6 +4525,13 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job, > "2968 SLI_CONFIG ext-buffer wr all %d " > "ebuffers received\n", > phba->mbox_ext_buf_ctx.numBuf); > + > + dd_data = kmalloc(sizeof(struct bsg_job_data), GFP_KERNEL); > + if (!dd_data) { > + rc = -ENOMEM; > + goto job_error; > + } > + > /* mailbox command structure for base driver */ > pmboxq = mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL); > if (!pmboxq) { > @@ -4579,6 +4580,8 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job, > return SLI_CONFIG_HANDLED; > > job_error: > + if (pmboxq) > + mempool_free(pmboxq, phba->mbox_mem_pool); > lpfc_bsg_dma_page_free(phba, dmabuf); > kfree(dd_data); > Looks good! Reviewed-by: James Smart <james.smart@broadcom.com> -- james
wubo, > When phba->mbox_ext_buf_ctx.seqNum != phba->mbox_ext_buf_ctx.numBuf, > dd_data should be freed before return SLI_CONFIG_HANDLED. > > When lpfc_sli_issue_mbox func return fails, pmboxq should be also > freed in job_error tag. Applied to 5.5/scsi-fixes. Please make sure your Author: string matches your Signed-off-by:. Also, please use checkpatch!
diff --git a/drivers/scsi/lpfc/lpfc_bsg.c b/drivers/scsi/lpfc/lpfc_bsg.c index 39a736b887b1..6c2b03415a2c 100644 --- a/drivers/scsi/lpfc/lpfc_bsg.c +++ b/drivers/scsi/lpfc/lpfc_bsg.c @@ -4489,12 +4489,6 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job, phba->mbox_ext_buf_ctx.seqNum++; nemb_tp = phba->mbox_ext_buf_ctx.nembType; - dd_data = kmalloc(sizeof(struct bsg_job_data), GFP_KERNEL); - if (!dd_data) { - rc = -ENOMEM; - goto job_error; - } - pbuf = (uint8_t *)dmabuf->virt; size = job->request_payload.payload_len; sg_copy_to_buffer(job->request_payload.sg_list, @@ -4531,6 +4525,13 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job, "2968 SLI_CONFIG ext-buffer wr all %d " "ebuffers received\n", phba->mbox_ext_buf_ctx.numBuf); + + dd_data = kmalloc(sizeof(struct bsg_job_data), GFP_KERNEL); + if (!dd_data) { + rc = -ENOMEM; + goto job_error; + } + /* mailbox command structure for base driver */ pmboxq = mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL); if (!pmboxq) { @@ -4579,6 +4580,8 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job, return SLI_CONFIG_HANDLED; job_error: + if (pmboxq) + mempool_free(pmboxq, phba->mbox_mem_pool); lpfc_bsg_dma_page_free(phba, dmabuf); kfree(dd_data);