When phba->mbox_ext_buf_ctx.seqNum != phba->mbox_ext_buf_ctx.numBuf,
dd_data should be freed before return SLI_CONFIG_HANDLED.
When lpfc_sli_issue_mbox func return fails, pmboxq should be also freed in job_error tag.
Signed-off-by:Bo wu <[email protected]>
Reviewed-by:Zhiqiang Liu <[email protected]>
---
drivers/scsi/lpfc/lpfc_bsg.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_bsg.c b/drivers/scsi/lpfc/lpfc_bsg.c
index 39a736b887b1..6c2b03415a2c 100644
--- a/drivers/scsi/lpfc/lpfc_bsg.c
+++ b/drivers/scsi/lpfc/lpfc_bsg.c
@@ -4489,12 +4489,6 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job,
phba->mbox_ext_buf_ctx.seqNum++;
nemb_tp = phba->mbox_ext_buf_ctx.nembType;
- dd_data = kmalloc(sizeof(struct bsg_job_data), GFP_KERNEL);
- if (!dd_data) {
- rc = -ENOMEM;
- goto job_error;
- }
-
pbuf = (uint8_t *)dmabuf->virt;
size = job->request_payload.payload_len;
sg_copy_to_buffer(job->request_payload.sg_list,
@@ -4531,6 +4525,13 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job,
"2968 SLI_CONFIG ext-buffer wr all %d "
"ebuffers received\n",
phba->mbox_ext_buf_ctx.numBuf);
+
+ dd_data = kmalloc(sizeof(struct bsg_job_data), GFP_KERNEL);
+ if (!dd_data) {
+ rc = -ENOMEM;
+ goto job_error;
+ }
+
/* mailbox command structure for base driver */
pmboxq = mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL);
if (!pmboxq) {
@@ -4579,6 +4580,8 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job,
return SLI_CONFIG_HANDLED;
job_error:
+ if (pmboxq)
+ mempool_free(pmboxq, phba->mbox_mem_pool);
lpfc_bsg_dma_page_free(phba, dmabuf);
kfree(dd_data);
--
2.19.1
On 12/6/2019 7:22 PM, wubo (T) wrote:
> When phba->mbox_ext_buf_ctx.seqNum != phba->mbox_ext_buf_ctx.numBuf,
> dd_data should be freed before return SLI_CONFIG_HANDLED.
>
> When lpfc_sli_issue_mbox func return fails, pmboxq should be also freed in job_error tag.
>
>
> Signed-off-by:Bo wu <[email protected]>
> Reviewed-by:Zhiqiang Liu <[email protected]>
> ---
> drivers/scsi/lpfc/lpfc_bsg.c | 15 +++++++++------
> 1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/scsi/lpfc/lpfc_bsg.c b/drivers/scsi/lpfc/lpfc_bsg.c
> index 39a736b887b1..6c2b03415a2c 100644
> --- a/drivers/scsi/lpfc/lpfc_bsg.c
> +++ b/drivers/scsi/lpfc/lpfc_bsg.c
> @@ -4489,12 +4489,6 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job,
> phba->mbox_ext_buf_ctx.seqNum++;
> nemb_tp = phba->mbox_ext_buf_ctx.nembType;
>
> - dd_data = kmalloc(sizeof(struct bsg_job_data), GFP_KERNEL);
> - if (!dd_data) {
> - rc = -ENOMEM;
> - goto job_error;
> - }
> -
> pbuf = (uint8_t *)dmabuf->virt;
> size = job->request_payload.payload_len;
> sg_copy_to_buffer(job->request_payload.sg_list,
> @@ -4531,6 +4525,13 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job,
> "2968 SLI_CONFIG ext-buffer wr all %d "
> "ebuffers received\n",
> phba->mbox_ext_buf_ctx.numBuf);
> +
> + dd_data = kmalloc(sizeof(struct bsg_job_data), GFP_KERNEL);
> + if (!dd_data) {
> + rc = -ENOMEM;
> + goto job_error;
> + }
> +
> /* mailbox command structure for base driver */
> pmboxq = mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL);
> if (!pmboxq) {
> @@ -4579,6 +4580,8 @@ lpfc_bsg_write_ebuf_set(struct lpfc_hba *phba, struct bsg_job *job,
> return SLI_CONFIG_HANDLED;
>
> job_error:
> + if (pmboxq)
> + mempool_free(pmboxq, phba->mbox_mem_pool);
> lpfc_bsg_dma_page_free(phba, dmabuf);
> kfree(dd_data);
>
Looks good!
Reviewed-by: James Smart <[email protected]>
-- james
wubo,
> When phba->mbox_ext_buf_ctx.seqNum != phba->mbox_ext_buf_ctx.numBuf,
> dd_data should be freed before return SLI_CONFIG_HANDLED.
>
> When lpfc_sli_issue_mbox func return fails, pmboxq should be also
> freed in job_error tag.
Applied to 5.5/scsi-fixes.
Please make sure your Author: string matches your Signed-off-by:. Also,
please use checkpatch!
--
Martin K. Petersen Oracle Linux Engineering