pm8001: fix a memory leak in flash_update
authorTomas Henzl <thenzl@redhat.com>
Mon, 7 Jul 2014 15:20:00 +0000 (17:20 +0200)
committerChristoph Hellwig <hch@lst.de>
Fri, 25 Jul 2014 21:17:05 +0000 (17:17 -0400)
ccb->fw_control_context is copied to local fw_control_context and
the local variable is never used later

Free ccb->fw_control_context.  The task is forgotten thus also the
reference to fw_control_context and the completion thread takes the info
from virt_ptr again.

Signed-off-by: Tomas Henzl <thenzl@redhat.com>
Acked-by: Suresh Thiagarajan <Suresh.Thiagarajan@pmcs.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
drivers/scsi/pm8001/pm8001_hwi.c

index cc89d18e1ae68bd4bc630254666a9297c61df8f8..2e5eb4bae44fc3981d7de50be52b2543047a4b5b 100644 (file)
@@ -3624,15 +3624,11 @@ int pm8001_mpi_fw_flash_update_resp(struct pm8001_hba_info *pm8001_ha,
                void *piomb)
 {
        u32 status;
-       struct fw_control_ex    fw_control_context;
        struct fw_flash_Update_resp *ppayload =
                (struct fw_flash_Update_resp *)(piomb + 4);
        u32 tag = le32_to_cpu(ppayload->tag);
        struct pm8001_ccb_info *ccb = &pm8001_ha->ccb_info[tag];
        status = le32_to_cpu(ppayload->status);
-       memcpy(&fw_control_context,
-               ccb->fw_control_context,
-               sizeof(fw_control_context));
        switch (status) {
        case FLASH_UPDATE_COMPLETE_PENDING_REBOOT:
                PM8001_MSG_DBG(pm8001_ha,
@@ -3675,11 +3671,11 @@ int pm8001_mpi_fw_flash_update_resp(struct pm8001_hba_info *pm8001_ha,
                        pm8001_printk("No matched status = %d\n", status));
                break;
        }
-       ccb->fw_control_context->fw_control->retcode = status;
-       complete(pm8001_ha->nvmd_completion);
+       kfree(ccb->fw_control_context);
        ccb->task = NULL;
        ccb->ccb_tag = 0xFFFFFFFF;
        pm8001_tag_free(pm8001_ha, tag);
+       complete(pm8001_ha->nvmd_completion);
        return 0;
 }
 
@@ -4884,6 +4880,10 @@ int pm8001_chip_set_nvmd_req(struct pm8001_hba_info *pm8001_ha,
                break;
        }
        rc = pm8001_mpi_build_cmd(pm8001_ha, circularQ, opc, &nvmd_req, 0);
+       if (rc) {
+               kfree(fw_control_context);
+               pm8001_tag_free(pm8001_ha, tag);
+       }
        return rc;
 }