Once we've called request_firmware() we must remember to call
release_firmware() to free memory. We don't currently do this in
bfad_read_firmware(); causing a memory leak.
Signed-off-by: Jesper Juhl <[email protected]>
Acked-by: Jing Huang <[email protected]>
---
bfad.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
Could someone merge this please?
diff --git a/drivers/scsi/bfa/bfad.c b/drivers/scsi/bfa/bfad.c
index 44524cf..d7bafeb 100644
--- a/drivers/scsi/bfa/bfad.c
+++ b/drivers/scsi/bfa/bfad.c
@@ -1558,23 +1558,22 @@ bfad_read_firmware(struct pci_dev *pdev, u32 **bfi_image,
if (request_firmware(&fw, fw_name, &pdev->dev)) {
printk(KERN_ALERT "Can't locate firmware %s\n", fw_name);
- goto error;
+ *bfi_image = NULL;
+ goto out;
}
*bfi_image = vmalloc(fw->size);
if (NULL == *bfi_image) {
printk(KERN_ALERT "Fail to allocate buffer for fw image "
"size=%x!\n", (u32) fw->size);
- goto error;
+ goto out;
}
memcpy(*bfi_image, fw->data, fw->size);
*bfi_image_size = fw->size/sizeof(u32);
-
+out:
+ release_firmware(fw);
return *bfi_image;
-
-error:
- return NULL;
}
u32 *
--
Jesper Juhl <[email protected]> http://www.chaosbits.net/
Don't top-post http://www.catb.org/jargon/html/T/top-post.html
Plain text mails only, please.
Am Donnerstag, 24. M?rz 2011, 00:00:39 schrieb Jesper Juhl:
> Once we've called request_firmware() we must remember to call
> release_firmware() to free memory. We don't currently do this in
> bfad_read_firmware(); causing a memory leak.
>
> Signed-off-by: Jesper Juhl <[email protected]>
> Acked-by: Jing Huang <[email protected]>
> ---
> bfad.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> Could someone merge this please?
>
> diff --git a/drivers/scsi/bfa/bfad.c b/drivers/scsi/bfa/bfad.c
> index 44524cf..d7bafeb 100644
> --- a/drivers/scsi/bfa/bfad.c
> +++ b/drivers/scsi/bfa/bfad.c
> @@ -1558,23 +1558,22 @@ bfad_read_firmware(struct pci_dev *pdev, u32
> **bfi_image,
>
> if (request_firmware(&fw, fw_name, &pdev->dev)) {
> printk(KERN_ALERT "Can't locate firmware %s\n", fw_name);
> - goto error;
> + *bfi_image = NULL;
> + goto out;
> }
A simple "return NULL;" here is enough, there is nothing that could be freed
later on.
Looking a bit deeper I think the interface of this function is totally b0rked:
-it has a return value that is always the same as one of the arguments
(+dereference)
-noone ever checks this return value
-at least in my tree it is never called from anywhere outside this file but is
still exported and not static
Eike