Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9422e864 authored by Tomas Henzl's avatar Tomas Henzl Committed by Christoph Hellwig
Browse files

pm8001: fix a memory leak in flash_update 



ccb->fw_control_context is copied to local fw_control_context and
the local variable is never used later

Free ccb->fw_control_context.  The task is forgotten thus also the
reference to fw_control_context and the completion thread takes the info
from virt_ptr again.

Signed-off-by: default avatarTomas Henzl <thenzl@redhat.com>
Acked-by: default avatarSuresh Thiagarajan <Suresh.Thiagarajan@pmcs.com>
Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
parent da225498

drivers/scsi/pm8001/pm8001_hwi.c

+6 −6
Original line number Diff line number Diff line
@@ -3624,15 +3624,11 @@ int pm8001_mpi_fw_flash_update_resp(struct pm8001_hba_info *pm8001_ha, 
		void *piomb)

{

	u32 status;

	struct fw_control_ex	fw_control_context;

	struct fw_flash_Update_resp *ppayload =

		(struct fw_flash_Update_resp *)(piomb + 4);

	u32 tag = le32_to_cpu(ppayload->tag);

	struct pm8001_ccb_info *ccb = &pm8001_ha->ccb_info[tag];

	status = le32_to_cpu(ppayload->status);

	memcpy(&fw_control_context,

		ccb->fw_control_context,

		sizeof(fw_control_context));

	switch (status) {

	case FLASH_UPDATE_COMPLETE_PENDING_REBOOT:

		PM8001_MSG_DBG(pm8001_ha,
@@ -3675,11 +3671,11 @@ int pm8001_mpi_fw_flash_update_resp(struct pm8001_hba_info *pm8001_ha, 
			pm8001_printk("No matched status = %d\n", status));

		break;

	}

	ccb->fw_control_context->fw_control->retcode = status;

	complete(pm8001_ha->nvmd_completion);

	kfree(ccb->fw_control_context);

	ccb->task = NULL;

	ccb->ccb_tag = 0xFFFFFFFF;

	pm8001_tag_free(pm8001_ha, tag);

	complete(pm8001_ha->nvmd_completion);

	return 0;

}
@@ -4884,6 +4880,10 @@ int pm8001_chip_set_nvmd_req(struct pm8001_hba_info *pm8001_ha, 
		break;

	}

	rc = pm8001_mpi_build_cmd(pm8001_ha, circularQ, opc, &nvmd_req, 0);

	if (rc) {

		kfree(fw_control_context);

		pm8001_tag_free(pm8001_ha, tag);

	}

	return rc;

}