Stanse found a memory leak on one fail path in aac_send_raw_srb. Add kfree
there.
Signed-off-by: Jiri Slaby <[email protected]>
Cc: James E.J. Bottomley <[email protected]>
---
drivers/scsi/aacraid/commctrl.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
index 0391d75..5c9a8be 100644
--- a/drivers/scsi/aacraid/commctrl.c
+++ b/drivers/scsi/aacraid/commctrl.c
@@ -649,6 +649,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
AAC_OPT_NEW_COMM) ?
(dev->scsi_host_ptr->max_sectors << 9) :
65536) {
+ kfree (usg);
rcode = -EINVAL;
goto cleanup;
}
--
1.6.4.2
Stanse found that c3cn is poked many times around in
cxgb3i_conn_pdu_ready, there is no need to check if it is NULL.
Remove the test.
Signed-off-by: Jiri Slaby <[email protected]>
Cc: James E.J. Bottomley <[email protected]>
---
drivers/scsi/cxgb3i/cxgb3i_pdu.c | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/cxgb3i/cxgb3i_pdu.c b/drivers/scsi/cxgb3i/cxgb3i_pdu.c
index 7091050..64bbc28 100644
--- a/drivers/scsi/cxgb3i/cxgb3i_pdu.c
+++ b/drivers/scsi/cxgb3i/cxgb3i_pdu.c
@@ -461,10 +461,8 @@ void cxgb3i_conn_pdu_ready(struct s3_conn *c3cn)
skb = skb_peek(&c3cn->receive_queue);
}
read_unlock(&c3cn->callback_lock);
- if (c3cn) {
- c3cn->copied_seq += read;
- cxgb3i_c3cn_rx_credits(c3cn, read);
- }
+ c3cn->copied_seq += read;
+ cxgb3i_c3cn_rx_credits(c3cn, read);
conn->rxdata_octets += read;
if (err) {
--
1.6.4.2
Stanse found a memory leak on one fail path in lpfc_sli4_read_rev.
Add there kfree.
Signed-off-by: Jiri Slaby <[email protected]>
Cc: James Smart <[email protected]>
Cc: James E.J. Bottomley <[email protected]>
---
drivers/scsi/lpfc/lpfc_sli.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index 43cbe33..7750868 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -4211,6 +4211,7 @@ lpfc_sli4_read_rev(struct lpfc_hba *phba, LPFC_MBOXQ_t *mboxq,
if (rc) {
dma_free_coherent(&phba->pcidev->dev, dma_size,
dmabuf->virt, dmabuf->phys);
+ kfree(dmabuf);
return -EIO;
}
--
1.6.4.2
Stanse found a potential NULL dereference in scsi_kill_request.
Instead of triggering BUG() in 'if (unlikely(cmd == NULL))' branch,
the kernel will Oops earlier on cmd dereference.
Move the dereferences after the if.
Signed-off-by: Jiri Slaby <[email protected]>
Cc: James E.J. Bottomley <[email protected]>
---
drivers/scsi/scsi_lib.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index ed98279..47ee130 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1359,9 +1359,9 @@ static int scsi_lld_busy(struct request_queue *q)
static void scsi_kill_request(struct request *req, struct request_queue *q)
{
struct scsi_cmnd *cmd = req->special;
- struct scsi_device *sdev = cmd->device;
- struct scsi_target *starget = scsi_target(sdev);
- struct Scsi_Host *shost = sdev->host;
+ struct scsi_device *sdev;
+ struct scsi_target *starget;
+ struct Scsi_Host *shost;
blk_start_request(req);
@@ -1371,6 +1371,9 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
BUG();
}
+ sdev = cmd->device;
+ starget = scsi_target(sdev);
+ shost = sdev->host;
scsi_init_cmd_errh(cmd);
cmd->result = DID_NO_CONNECT << 16;
atomic_inc(&cmd->device->iorequest_cnt);
--
1.6.4.2
Adding Karen and removing adaptec since this is chelsio's driver.
Jiri Slaby wrote:
> Stanse found that c3cn is poked many times around in
> cxgb3i_conn_pdu_ready, there is no need to check if it is NULL.
>
> Remove the test.
>
> Signed-off-by: Jiri Slaby <[email protected]>
> Cc: James E.J. Bottomley <[email protected]>
> ---
> drivers/scsi/cxgb3i/cxgb3i_pdu.c | 6 ++----
> 1 files changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/scsi/cxgb3i/cxgb3i_pdu.c b/drivers/scsi/cxgb3i/cxgb3i_pdu.c
> index 7091050..64bbc28 100644
> --- a/drivers/scsi/cxgb3i/cxgb3i_pdu.c
> +++ b/drivers/scsi/cxgb3i/cxgb3i_pdu.c
> @@ -461,10 +461,8 @@ void cxgb3i_conn_pdu_ready(struct s3_conn *c3cn)
> skb = skb_peek(&c3cn->receive_queue);
> }
> read_unlock(&c3cn->callback_lock);
> - if (c3cn) {
> - c3cn->copied_seq += read;
> - cxgb3i_c3cn_rx_credits(c3cn, read);
> - }
> + c3cn->copied_seq += read;
> + cxgb3i_c3cn_rx_credits(c3cn, read);
> conn->rxdata_octets += read;
>
> if (err) {
Looks ok to me. The null check was useless since we access c3cn all over
the function and would have oopsed before we got there.
Reviewed-by: Mike Christie <[email protected]>
Yes, the check is not necessary.
Thanks,
Karen
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Jiri Slaby
Sent: Wednesday, November 04, 2009 8:15 AM
To: [email protected]
Cc: [email protected]; [email protected];
[email protected]; [email protected]; Jiri Slaby
Subject: [PATCH -2nd repost 2/4] SCSI: remove unnecessary NULL test
Stanse found that c3cn is poked many times around in
cxgb3i_conn_pdu_ready, there is no need to check if it is NULL.
Remove the test.
Signed-off-by: Jiri Slaby <[email protected]>
Cc: James E.J. Bottomley <[email protected]>
---
drivers/scsi/cxgb3i/cxgb3i_pdu.c | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/cxgb3i/cxgb3i_pdu.c
b/drivers/scsi/cxgb3i/cxgb3i_pdu.c
index 7091050..64bbc28 100644
--- a/drivers/scsi/cxgb3i/cxgb3i_pdu.c
+++ b/drivers/scsi/cxgb3i/cxgb3i_pdu.c
@@ -461,10 +461,8 @@ void cxgb3i_conn_pdu_ready(struct s3_conn *c3cn)
skb = skb_peek(&c3cn->receive_queue);
}
read_unlock(&c3cn->callback_lock);
- if (c3cn) {
- c3cn->copied_seq += read;
- cxgb3i_c3cn_rx_credits(c3cn, read);
- }
+ c3cn->copied_seq += read;
+ cxgb3i_c3cn_rx_credits(c3cn, read);
conn->rxdata_octets += read;
if (err) {
--
1.6.4.2