From: Colin Ian King <[email protected]>
Currently there is an error return path that neglects to free the
allocation for lcb_context. Fix this by adding a new error free
exit path that kfree's lcb_context before returning. Use this new
kfree exit path in another exit error path that also kfree's the same
object, allowing a line of code to be removed.
Addresses-Coverity: ("Resource leak")
Fixes: 4430f7fd09ec ("scsi: lpfc: Rework locations of ndlp reference taking")
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/scsi/lpfc/lpfc_els.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 03f47d1b21fe..0d3271b4c130 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -6515,18 +6515,20 @@ lpfc_els_rcv_lcb(struct lpfc_vport *vport, struct lpfc_iocbq *cmdiocb,
lcb_context->ndlp = lpfc_nlp_get(ndlp);
if (!lcb_context->ndlp) {
rjt_err = LSRJT_UNABLE_TPC;
- goto rjt;
+ goto rjt_free;
}
if (lpfc_sli4_set_beacon(vport, lcb_context, state)) {
lpfc_printf_vlog(ndlp->vport, KERN_ERR, LOG_TRACE_EVENT,
"0193 failed to send mail box");
- kfree(lcb_context);
lpfc_nlp_put(ndlp);
rjt_err = LSRJT_UNABLE_TPC;
- goto rjt;
+ goto rjt_free;
}
return 0;
+
+rjt_free:
+ kfree(lcb_context);
rjt:
memset(&stat, 0, sizeof(stat));
stat.un.b.lsRjtRsnCode = rjt_err;
--
2.28.0
On 11/18/2020 6:13 AM, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> Currently there is an error return path that neglects to free the
> allocation for lcb_context. Fix this by adding a new error free
> exit path that kfree's lcb_context before returning. Use this new
> kfree exit path in another exit error path that also kfree's the same
> object, allowing a line of code to be removed.
>
> Addresses-Coverity: ("Resource leak")
> Fixes: 4430f7fd09ec ("scsi: lpfc: Rework locations of ndlp reference taking")
> Signed-off-by: Colin Ian King <[email protected]>
> ---
> drivers/scsi/lpfc/lpfc_els.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
> index 03f47d1b21fe..0d3271b4c130 100644
> --- a/drivers/scsi/lpfc/lpfc_els.c
> +++ b/drivers/scsi/lpfc/lpfc_els.c
> @@ -6515,18 +6515,20 @@ lpfc_els_rcv_lcb(struct lpfc_vport *vport, struct lpfc_iocbq *cmdiocb,
> lcb_context->ndlp = lpfc_nlp_get(ndlp);
> if (!lcb_context->ndlp) {
> rjt_err = LSRJT_UNABLE_TPC;
> - goto rjt;
> + goto rjt_free;
> }
>
> if (lpfc_sli4_set_beacon(vport, lcb_context, state)) {
> lpfc_printf_vlog(ndlp->vport, KERN_ERR, LOG_TRACE_EVENT,
> "0193 failed to send mail box");
> - kfree(lcb_context);
> lpfc_nlp_put(ndlp);
> rjt_err = LSRJT_UNABLE_TPC;
> - goto rjt;
> + goto rjt_free;
> }
> return 0;
> +
> +rjt_free:
> + kfree(lcb_context);
> rjt:
> memset(&stat, 0, sizeof(stat));
> stat.un.b.lsRjtRsnCode = rjt_err;
Looks good.
Reviewed-by: James Smart <[email protected]>
-- james
Colin,
> Currently there is an error return path that neglects to free the
> allocation for lcb_context. Fix this by adding a new error free exit
> path that kfree's lcb_context before returning. Use this new kfree
> exit path in another exit error path that also kfree's the same
> object, allowing a line of code to be removed.
Applied to 5.11/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
On Wed, 18 Nov 2020 14:13:14 +0000, Colin King wrote:
> Currently there is an error return path that neglects to free the
> allocation for lcb_context. Fix this by adding a new error free
> exit path that kfree's lcb_context before returning. Use this new
> kfree exit path in another exit error path that also kfree's the same
> object, allowing a line of code to be removed.
Applied to 5.11/scsi-queue, thanks!
[1/1] scsi: lpfc: Fix memory leak on lcb_context
https://git.kernel.org/mkp/scsi/c/14c1dd950411
--
Martin K. Petersen Oracle Linux Engineering