Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S933152AbcDKNu0 (ORCPT <rfc822;w@1wt.eu>);
	Mon, 11 Apr 2016 09:50:26 -0400
Received: from mx2.suse.de ([195.135.220.15]:37403 "EHLO mx2.suse.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S932413AbcDKNYB (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 11 Apr 2016 09:24:01 -0400
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References"
From: Jiri Slaby <jslaby@suse.cz>
To: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
        Raghava Aditya Renukunta <raghavaaditya.renukunta@pmcs.com>,
        "Martin K . Petersen" <martin.petersen@oracle.com>,
        Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 3.12 43/98] aacraid: Fix memory leak in aac_fib_map_free
Date: Mon, 11 Apr 2016 15:22:45 +0200
Message-Id: <8ddd3dc424ec4ddb98b0a58ec72837c6c7ea2768.1460380917.git.jslaby@suse.cz>
X-Mailer: git-send-email 2.8.1
In-Reply-To: <def91dea48a3acb14c2379b9461ae659d95616a2.1460380917.git.jslaby@suse.cz>
References: <def91dea48a3acb14c2379b9461ae659d95616a2.1460380917.git.jslaby@suse.cz>
In-Reply-To: <cover.1460380917.git.jslaby@suse.cz>
References: <cover.1460380917.git.jslaby@suse.cz>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1847
Lines: 49

From: Raghava Aditya Renukunta <raghavaaditya.renukunta@pmcs.com>

3.12-stable review patch.  If anyone has any objections, please let me know.

===============

commit f88fa79a61726ce9434df9b4aede36961f709f17 upstream.

aac_fib_map_free() calls pci_free_consistent() without checking that
dev->hw_fib_va is not NULL and dev->max_fib_size is not zero.If they are
indeed NULL/0, this will result in a hang as pci_free_consistent() will
attempt to invalidate cache for the entire 64-bit address space
(which would take a very long time).

Fixed by adding a check to make sure that dev->hw_fib_va and
dev->max_fib_size are not NULL and 0 respectively.

Fixes: 9ad5204d6 - "[SCSI]aacraid: incorrect dma mapping mask during blinked recover or user initiated reset"
Signed-off-by: Raghava Aditya Renukunta <raghavaaditya.renukunta@pmcs.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/scsi/aacraid/commsup.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c
index cab190af6345..6b32ddcefc11 100644
--- a/drivers/scsi/aacraid/commsup.c
+++ b/drivers/scsi/aacraid/commsup.c
@@ -83,9 +83,12 @@ static int fib_map_alloc(struct aac_dev *dev)
 
 void aac_fib_map_free(struct aac_dev *dev)
 {
-	pci_free_consistent(dev->pdev,
-	  dev->max_fib_size * (dev->scsi_host_ptr->can_queue + AAC_NUM_MGT_FIB),
-	  dev->hw_fib_va, dev->hw_fib_pa);
+	if (dev->hw_fib_va && dev->max_fib_size) {
+		pci_free_consistent(dev->pdev,
+		(dev->max_fib_size *
+		(dev->scsi_host_ptr->can_queue + AAC_NUM_MGT_FIB)),
+		dev->hw_fib_va, dev->hw_fib_pa);
+	}
 	dev->hw_fib_va = NULL;
 	dev->hw_fib_pa = 0;
 }
-- 
2.8.1