diff options
author | Tomas Henzl <thenzl@redhat.com> | 2014-07-07 17:20:00 +0200 |
---|---|---|
committer | Christoph Hellwig <hch@lst.de> | 2014-07-25 17:17:05 -0400 |
commit | 9422e864fa4e2d323407cfca6ca14712cf17fb40 (patch) | |
tree | 36d586eae9bed65156cd681bcd2e4bab59a6f2d7 /drivers/scsi/pm8001 | |
parent | da225498d97565b6f25ed28ebdf0fecdf3a5ca5c (diff) | |
download | op-kernel-dev-9422e864fa4e2d323407cfca6ca14712cf17fb40.zip op-kernel-dev-9422e864fa4e2d323407cfca6ca14712cf17fb40.tar.gz |
pm8001: fix a memory leak in flash_update
ccb->fw_control_context is copied to local fw_control_context and
the local variable is never used later
Free ccb->fw_control_context. The task is forgotten thus also the
reference to fw_control_context and the completion thread takes the info
from virt_ptr again.
Signed-off-by: Tomas Henzl <thenzl@redhat.com>
Acked-by: Suresh Thiagarajan <Suresh.Thiagarajan@pmcs.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'drivers/scsi/pm8001')
-rw-r--r-- | drivers/scsi/pm8001/pm8001_hwi.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/drivers/scsi/pm8001/pm8001_hwi.c b/drivers/scsi/pm8001/pm8001_hwi.c index cc89d18..2e5eb4b 100644 --- a/drivers/scsi/pm8001/pm8001_hwi.c +++ b/drivers/scsi/pm8001/pm8001_hwi.c @@ -3624,15 +3624,11 @@ int pm8001_mpi_fw_flash_update_resp(struct pm8001_hba_info *pm8001_ha, void *piomb) { u32 status; - struct fw_control_ex fw_control_context; struct fw_flash_Update_resp *ppayload = (struct fw_flash_Update_resp *)(piomb + 4); u32 tag = le32_to_cpu(ppayload->tag); struct pm8001_ccb_info *ccb = &pm8001_ha->ccb_info[tag]; status = le32_to_cpu(ppayload->status); - memcpy(&fw_control_context, - ccb->fw_control_context, - sizeof(fw_control_context)); switch (status) { case FLASH_UPDATE_COMPLETE_PENDING_REBOOT: PM8001_MSG_DBG(pm8001_ha, @@ -3675,11 +3671,11 @@ int pm8001_mpi_fw_flash_update_resp(struct pm8001_hba_info *pm8001_ha, pm8001_printk("No matched status = %d\n", status)); break; } - ccb->fw_control_context->fw_control->retcode = status; - complete(pm8001_ha->nvmd_completion); + kfree(ccb->fw_control_context); ccb->task = NULL; ccb->ccb_tag = 0xFFFFFFFF; pm8001_tag_free(pm8001_ha, tag); + complete(pm8001_ha->nvmd_completion); return 0; } @@ -4884,6 +4880,10 @@ int pm8001_chip_set_nvmd_req(struct pm8001_hba_info *pm8001_ha, break; } rc = pm8001_mpi_build_cmd(pm8001_ha, circularQ, opc, &nvmd_req, 0); + if (rc) { + kfree(fw_control_context); + pm8001_tag_free(pm8001_ha, tag); + } return rc; } |