* [PATCH v3 0/3] bnx2fc: fix memory leaks and NULL pointer dereferences
@ 2014-04-01 11:58 Maurizio Lombardi
  2014-04-01 11:58 ` [PATCH 1/3] bnx2fc: remove unused variable hash_table_size Maurizio Lombardi
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Maurizio Lombardi @ 2014-04-01 11:58 UTC (permalink / raw)
  To: linux-scsi; +Cc: jbottomley, m.lombardi85, eddie.wai

PATCH 1/3 removes an unused variable from the bnx2fc_free_hash_table() function.

PATCH 2/3 fixes a memory leak and some NULL pointer dereferences in the bnx2fc_free_hash_table() function
that may happen if bnx2fc_allocate_hash_table() fails.

PATCH 3/3 fixes a memory leak in the bnx2fc_allocate_hash_table() function.

Maurizio Lombardi (3):
  bnx2fc: remove unused variable hash_table_size
  bnx2fc: fix memory leak and potential NULL pointer dereference.
  bnx2fc: fix memory leak in bnx2fc_allocate_hash_table()

 drivers/scsi/bnx2fc/bnx2fc_hwi.c | 64 +++++++++++++++++++++++-----------------
 1 file changed, 37 insertions(+), 27 deletions(-)

-- 
Maurizio Lombardi



* [PATCH 1/3] bnx2fc: remove unused variable hash_table_size
  2014-04-01 11:58 [PATCH v3 0/3] bnx2fc: fix memory leaks and NULL pointer dereferences Maurizio Lombardi
@ 2014-04-01 11:58 ` Maurizio Lombardi
  2014-04-01 11:58 ` [PATCH 2/3] bnx2fc: fix memory leak and potential NULL pointer dereference Maurizio Lombardi
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: Maurizio Lombardi @ 2014-04-01 11:58 UTC (permalink / raw)
  To: linux-scsi; +Cc: jbottomley, m.lombardi85, eddie.wai

hash_table_size is not used by the bnx2fc_free_hash_table() function.

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
---
 drivers/scsi/bnx2fc/bnx2fc_hwi.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/drivers/scsi/bnx2fc/bnx2fc_hwi.c b/drivers/scsi/bnx2fc/bnx2fc_hwi.c
index 46a3765..261af2a 100644
--- a/drivers/scsi/bnx2fc/bnx2fc_hwi.c
+++ b/drivers/scsi/bnx2fc/bnx2fc_hwi.c
@@ -1966,12 +1966,9 @@ static void bnx2fc_free_hash_table(struct bnx2fc_hba *hba)
 {
 	int i;
 	int segment_count;
-	int hash_table_size;
 	u32 *pbl;
 
 	segment_count = hba->hash_tbl_segment_count;
-	hash_table_size = BNX2FC_NUM_MAX_SESS * BNX2FC_MAX_ROWS_IN_HASH_TBL *
-		sizeof(struct fcoe_hash_table_entry);
 
 	pbl = hba->hash_tbl_pbl;
 	for (i = 0; i < segment_count; ++i) {
-- 
Maurizio Lombardi



* [PATCH 2/3] bnx2fc: fix memory leak and potential NULL pointer dereference.
  2014-04-01 11:58 [PATCH v3 0/3] bnx2fc: fix memory leaks and NULL pointer dereferences Maurizio Lombardi
  2014-04-01 11:58 ` [PATCH 1/3] bnx2fc: remove unused variable hash_table_size Maurizio Lombardi
@ 2014-04-01 11:58 ` Maurizio Lombardi
  2014-04-01 11:58 ` [PATCH 3/3] bnx2fc: fix memory leak in bnx2fc_allocate_hash_table() Maurizio Lombardi
  2014-04-01 18:53 ` [PATCH v3 0/3] bnx2fc: fix memory leaks and NULL pointer dereferences Eddie Wai
  3 siblings, 0 replies; 6+ messages in thread
From: Maurizio Lombardi @ 2014-04-01 11:58 UTC (permalink / raw)
  To: linux-scsi; +Cc: jbottomley, m.lombardi85, eddie.wai

If bnx2fc_allocate_hash_table() fails for some reason, it is possible that the
hash_tbl_segments or the hash_tbl_pbl pointers are NULL.
In this case bnx2fc_free_hash_table() will panic the system.

This patch also fixes a memory leak: the hash_tbl_segments pointer was never
freed.

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
---
 drivers/scsi/bnx2fc/bnx2fc_hwi.c | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/drivers/scsi/bnx2fc/bnx2fc_hwi.c b/drivers/scsi/bnx2fc/bnx2fc_hwi.c
index 261af2a..f83bae4 100644
--- a/drivers/scsi/bnx2fc/bnx2fc_hwi.c
+++ b/drivers/scsi/bnx2fc/bnx2fc_hwi.c
@@ -1968,21 +1968,27 @@ static void bnx2fc_free_hash_table(struct bnx2fc_hba *hba)
 	int segment_count;
 	u32 *pbl;
 
-	segment_count = hba->hash_tbl_segment_count;
-
-	pbl = hba->hash_tbl_pbl;
-	for (i = 0; i < segment_count; ++i) {
-		dma_addr_t dma_address;
-
-		dma_address = le32_to_cpu(*pbl);
-		++pbl;
-		dma_address += ((u64)le32_to_cpu(*pbl)) << 32;
-		++pbl;
-		dma_free_coherent(&hba->pcidev->dev,
-				  BNX2FC_HASH_TBL_CHUNK_SIZE,
-				  hba->hash_tbl_segments[i],
-				  dma_address);
+	if (hba->hash_tbl_segments) {
+
+		pbl = hba->hash_tbl_pbl;
+		if (pbl) {
+			segment_count = hba->hash_tbl_segment_count;
+			for (i = 0; i < segment_count; ++i) {
+				dma_addr_t dma_address;
+
+				dma_address = le32_to_cpu(*pbl);
+				++pbl;
+				dma_address += ((u64)le32_to_cpu(*pbl)) << 32;
+				++pbl;
+				dma_free_coherent(&hba->pcidev->dev,
+						  BNX2FC_HASH_TBL_CHUNK_SIZE,
+						  hba->hash_tbl_segments[i],
+						  dma_address);
+			}
+		}
 
+		kfree(hba->hash_tbl_segments);
+		hba->hash_tbl_segments = NULL;
 	}
 
 	if (hba->hash_tbl_pbl) {
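
Review bot: In the new "if (hba->hash_tbl_segments)" block, the DMA chunks are released only when hash_tbl_pbl is also non-NULL, because the bus addresses are read back from the PBL. If the segments array is populated but pbl is NULL, the inner loop is skipped and kfree(hba->hash_tbl_segments) then drops the only CPU-side pointers to those chunks, so they leak. The loop also hands every hba->hash_tbl_segments[i] up to segment_count to dma_free_coherent() without testing the entry, which is safe only if the table is never left partially populated. Either state in the commit message that bnx2fc_allocate_hash_table() must leave hash_tbl_segments NULL on any failure (patch 3/3 does this at its cleanup_ht label), or skip NULL entries in this loop.
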
-- 
Maurizio Lombardi



* [PATCH 3/3] bnx2fc: fix memory leak in bnx2fc_allocate_hash_table()
  2014-04-01 11:58 [PATCH v3 0/3] bnx2fc: fix memory leaks and NULL pointer dereferences Maurizio Lombardi
  2014-04-01 11:58 ` [PATCH 1/3] bnx2fc: remove unused variable hash_table_size Maurizio Lombardi
  2014-04-01 11:58 ` [PATCH 2/3] bnx2fc: fix memory leak and potential NULL pointer dereference Maurizio Lombardi
@ 2014-04-01 11:58 ` Maurizio Lombardi
  2014-04-01 18:53 ` [PATCH v3 0/3] bnx2fc: fix memory leaks and NULL pointer dereferences Eddie Wai
  3 siblings, 0 replies; 6+ messages in thread
From: Maurizio Lombardi @ 2014-04-01 11:58 UTC (permalink / raw)
  To: linux-scsi; +Cc: jbottomley, m.lombardi85, eddie.wai

In case of error, bnx2fc_allocate_hash_table() didn't free
all the memory it allocated.

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
---
 drivers/scsi/bnx2fc/bnx2fc_hwi.c | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/drivers/scsi/bnx2fc/bnx2fc_hwi.c b/drivers/scsi/bnx2fc/bnx2fc_hwi.c
index f83bae4..512aed3 100644
--- a/drivers/scsi/bnx2fc/bnx2fc_hwi.c
+++ b/drivers/scsi/bnx2fc/bnx2fc_hwi.c
@@ -2026,7 +2026,7 @@ static int bnx2fc_allocate_hash_table(struct bnx2fc_hba *hba)
 	dma_segment_array = kzalloc(dma_segment_array_size, GFP_KERNEL);
 	if (!dma_segment_array) {
 		printk(KERN_ERR PFX "hash table pointers (dma) alloc failed\n");
-		return -ENOMEM;
+		goto cleanup_ht;
 	}
 
 	for (i = 0; i < segment_count; ++i) {
@@ -2037,15 +2037,7 @@ static int bnx2fc_allocate_hash_table(struct bnx2fc_hba *hba)
 					   GFP_KERNEL);
 		if (!hba->hash_tbl_segments[i]) {
 			printk(KERN_ERR PFX "hash segment alloc failed\n");
-			while (--i >= 0) {
-				dma_free_coherent(&hba->pcidev->dev,
-						    BNX2FC_HASH_TBL_CHUNK_SIZE,
-						    hba->hash_tbl_segments[i],
-						    dma_segment_array[i]);
-				hba->hash_tbl_segments[i] = NULL;
-			}
-			kfree(dma_segment_array);
-			return -ENOMEM;
+			goto cleanup_dma;
 		}
 		memset(hba->hash_tbl_segments[i], 0,
 		       BNX2FC_HASH_TBL_CHUNK_SIZE);
@@ -2057,8 +2049,7 @@ static int bnx2fc_allocate_hash_table(struct bnx2fc_hba *hba)
 					       GFP_KERNEL);
 	if (!hba->hash_tbl_pbl) {
 		printk(KERN_ERR PFX "hash table pbl alloc failed\n");
-		kfree(dma_segment_array);
-		return -ENOMEM;
+		goto cleanup_dma;
 	}
 	memset(hba->hash_tbl_pbl, 0, PAGE_SIZE);
 
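
Review bot: The commit message should say what each error path leaked, and this hunk is the clearest case: on hash_tbl_pbl allocation failure the removed lines ran only kfree(dma_segment_array) before "return -ENOMEM", so this function returned without releasing the DMA segments or the hba->hash_tbl_segments array. "Didn't free all the memory it allocated" does not tell a reader which allocations were affected; one sentence per path would make the fix easier to audit.
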
@@ -2083,6 +2074,22 @@ static int bnx2fc_allocate_hash_table(struct bnx2fc_hba *hba)
 	}
 	kfree(dma_segment_array);
 	return 0;
+
+cleanup_dma:
+	for (i = 0; i < segment_count; ++i) {
+		if (hba->hash_tbl_segments[i])
+			dma_free_coherent(&hba->pcidev->dev,
+					    BNX2FC_HASH_TBL_CHUNK_SIZE,
+					    hba->hash_tbl_segments[i],
+					    dma_segment_array[i]);
+	}
+
+	kfree(dma_segment_array);
+
+cleanup_ht:
+	kfree(hba->hash_tbl_segments);
+	hba->hash_tbl_segments = NULL;
+	return -ENOMEM;
 }
 
 /**
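
Review bot: The cleanup_dma loop walks all segment_count entries and relies on "if (hba->hash_tbl_segments[i])" to skip the ones never allocated, whereas the removed "while (--i >= 0)" unwind only touched entries that had succeeded. That is correct only if hba->hash_tbl_segments is zero-initialised when it is allocated, which is outside the visible hunks (dma_segment_array is, via kzalloc). Please confirm that, or keep unwinding from the failing index. Separately, neither label frees hash_tbl_pbl. In the visible hunks the only jump at or after the PBL allocation is its own failure, so nothing leaks today, but a short comment at cleanup_dma would keep a later goto from leaking it.
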
-- 
Maurizio Lombardi



* Re: [PATCH v3 0/3] bnx2fc: fix memory leaks and NULL pointer dereferences
  2014-04-01 11:58 [PATCH v3 0/3] bnx2fc: fix memory leaks and NULL pointer dereferences Maurizio Lombardi
                   ` (2 preceding siblings ...)
  2014-04-01 11:58 ` [PATCH 3/3] bnx2fc: fix memory leak in bnx2fc_allocate_hash_table() Maurizio Lombardi
@ 2014-04-01 18:53 ` Eddie Wai
  3 siblings, 0 replies; 6+ messages in thread
From: Eddie Wai @ 2014-04-01 18:53 UTC (permalink / raw)
  To: Maurizio Lombardi; +Cc: linux-scsi, jbottomley, m.lombardi85

The patchset looks good.  Thanks.

Acked-by: Eddie Wai <eddie.wai@broadcom.com>

On Tue, 2014-04-01 at 13:58 +0200, Maurizio Lombardi wrote:
> PATCH 1/3 removes an unused variable from the bnx2fc_free_hash_table() function.
> 
> PATCH 2/3 fixes a memory leak and some NULL pointer dereferences in the bnx2fc_free_hash_table() function
> that may happen if bnx2fc_allocate_hash_table() fails.
> 
> PATCH 3/3 fixes a memory leak in the bnx2fc_allocate_hash_table() function.
> 
> Maurizio Lombardi (3):
>   bnx2fc: remove unused variable hash_table_size
>   bnx2fc: fix memory leak and potential NULL pointer dereference.
>   bnx2fc: fix memory leak in bnx2fc_allocate_hash_table()
> 
>  drivers/scsi/bnx2fc/bnx2fc_hwi.c | 64 +++++++++++++++++++++++-----------------
>  1 file changed, 37 insertions(+), 27 deletions(-)
> 




* [PATCH 2/3] bnx2fc: fix memory leak and potential NULL pointer dereference.
  2014-03-10 10:03 [PATCH v2 " Maurizio Lombardi
@ 2014-03-10 10:03 ` Maurizio Lombardi
  0 siblings, 0 replies; 6+ messages in thread
From: Maurizio Lombardi @ 2014-03-10 10:03 UTC (permalink / raw)
  To: eddie.wai; +Cc: linux-scsi, jbottomley, m.lombardi85

If bnx2fc_allocate_hash_table() fails for some reason, it is possible that the
hash_tbl_segments or the hash_tbl_pbl pointers are NULL.
In this case bnx2fc_free_hash_table() will panic the system.

This patch also fixes a memory leak: the hash_tbl_segments pointer was never
freed.

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
---
 drivers/scsi/bnx2fc/bnx2fc_hwi.c | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/drivers/scsi/bnx2fc/bnx2fc_hwi.c b/drivers/scsi/bnx2fc/bnx2fc_hwi.c
index 261af2a..f83bae4 100644
--- a/drivers/scsi/bnx2fc/bnx2fc_hwi.c
+++ b/drivers/scsi/bnx2fc/bnx2fc_hwi.c
@@ -1968,21 +1968,27 @@ static void bnx2fc_free_hash_table(struct bnx2fc_hba *hba)
 	int segment_count;
 	u32 *pbl;
 
-	segment_count = hba->hash_tbl_segment_count;
-
-	pbl = hba->hash_tbl_pbl;
-	for (i = 0; i < segment_count; ++i) {
-		dma_addr_t dma_address;
-
-		dma_address = le32_to_cpu(*pbl);
-		++pbl;
-		dma_address += ((u64)le32_to_cpu(*pbl)) << 32;
-		++pbl;
-		dma_free_coherent(&hba->pcidev->dev,
-				  BNX2FC_HASH_TBL_CHUNK_SIZE,
-				  hba->hash_tbl_segments[i],
-				  dma_address);
+	if (hba->hash_tbl_segments) {
+
+		pbl = hba->hash_tbl_pbl;
+		if (pbl) {
+			segment_count = hba->hash_tbl_segment_count;
+			for (i = 0; i < segment_count; ++i) {
+				dma_addr_t dma_address;
+
+				dma_address = le32_to_cpu(*pbl);
+				++pbl;
+				dma_address += ((u64)le32_to_cpu(*pbl)) << 32;
+				++pbl;
+				dma_free_coherent(&hba->pcidev->dev,
+						  BNX2FC_HASH_TBL_CHUNK_SIZE,
+						  hba->hash_tbl_segments[i],
+						  dma_address);
+			}
+		}
 
+		kfree(hba->hash_tbl_segments);
+		hba->hash_tbl_segments = NULL;
 	}
 
 	if (hba->hash_tbl_pbl) {
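
Review bot: Style point on the new "if (hba->hash_tbl_segments) {" block: it opens with an empty line and pushes the dma_free_coherent() call to four levels of indentation. Since kfree(NULL) is a no-op, the nesting can be flattened by guarding only the loop with "if (hba->hash_tbl_segments && pbl)" and then calling kfree(hba->hash_tbl_segments) and clearing the pointer unconditionally. That keeps the behaviour of this hunk and leaves the loop body at the indentation it had before the patch.
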
-- 
Maurizio Lombardi


