Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751726AbdGUKyZ (ORCPT <rfc822;w@1wt.eu>);
        Fri, 21 Jul 2017 06:54:25 -0400
Received: from mx1.redhat.com ([209.132.183.28]:46468 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750745AbdGUKyX (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 21 Jul 2017 06:54:23 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 175C080484
Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=shuwang@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 175C080484
From: shuwang@redhat.com
To: kashyap.desai@broadcom.com, sumit.saxena@broadcom.com,
        shivasharan.srikanteshwara@broadcom.com, jejb@linux.vnet.ibm.com,
        martin.petersen@oracle.com
Cc: megaraidlinux.pdl@broadcom.com, linux-scsi@vger.kernel.org,
        linux-kernel@vger.kernel.org, chuhu@redhat.com, liwang@redhat.com,
        Shu Wang <shuwang@redhat.com>
Subject: [PATCH] scsi: megaraid_sas: fix memleak in megasas_alloc_cmdlist_fusion
Date: Fri, 21 Jul 2017 18:54:09 +0800
Message-Id: <1500634449-10837-1-git-send-email-shuwang@redhat.com>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Fri, 21 Jul 2017 10:54:23 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 3747
Lines: 86

From: Shu Wang <shuwang@redhat.com>

Found this issue by kmemleak, a few kb mem was leaked in
megasas_alloc_cmdlist_fusion when kzalloc failed for one
megasas_cmd_fusion allocation.

unreferenced object 0xffff88045dbd2000 (size 8192):
  comm "systemd-udevd", pid 323, jiffies 4294671759 (age 49.008s)
  backtrace:
    [<ffffffff8176166a>] kmemleak_alloc+0x4a/0xa0
    [<ffffffff812186a8>] __kmalloc+0xe8/0x220
    [<ffffffffc0060594>] megasas_alloc_cmdlist_fusion+0x34/0xe0 [megaraid_sas]
(gdb) list *megasas_alloc_cmdlist_fusion+0x34
0xd5c4 is in megasas_alloc_cmdlist_fusion
               (drivers/scsi/megaraid/megaraid_sas_fusion.c:443).
    [<ffffffffc0060ca5>] megasas_alloc_cmds_fusion+0x25/0x410 [megaraid_sas]
    [<ffffffffc0061edf>] megasas_init_adapter_fusion+0x21f/0x640 [megaraid_sas]
    [<ffffffffc005df17>] megasas_init_fw+0x357/0xd30 [megaraid_sas]
    [<ffffffffc005ef26>] megasas_probe_one.part.33+0x636/0x1100 [megaraid_sas]
    [<ffffffffc005fa36>] megasas_probe_one+0x46/0xc0 [megaraid_sas]
    [<ffffffff813d2ca5>] local_pci_probe+0x45/0xa0
    [<ffffffff813d4222>] pci_device_probe+0x192/0x1b0
    [<ffffffff814e3658>] driver_probe_device+0x2a8/0x460
    [<ffffffff814e38ed>] __driver_attach+0xdd/0xe0
    [<ffffffff814e124c>] bus_for_each_dev+0x6c/0xc0
    [<ffffffff814e2dde>] driver_attach+0x1e/0x20
    [<ffffffff814e2775>] bus_add_driver+0x45/0x270
    [<ffffffff814e4400>] driver_register+0x60/0xe0
unreferenced object 0xffff880454ce3600 (size 192):
  backtrace:
    [<ffffffff8176166a>] kmemleak_alloc+0x4a/0xa0
    [<ffffffff8121801a>] kmem_cache_alloc_trace+0xca/0x1d0
    [<ffffffffc00605d7>] megasas_alloc_cmdlist_fusion+0x77/0xe0 [megaraid_sas]
(gdb) list *megasas_alloc_cmdlist_fusion+0x77
0xd607 is in megasas_alloc_cmdlist_fusion
                (drivers/scsi/megaraid/megaraid_sas_fusion.c:450).
    [<ffffffffc0060ca5>] megasas_alloc_cmds_fusion+0x25/0x410 [megaraid_sas]
    [<ffffffffc0061edf>] megasas_init_adapter_fusion+0x21f/0x640 [megaraid_sas]
    [<ffffffffc005df17>] megasas_init_fw+0x357/0xd30 [megaraid_sas]
    [<ffffffffc005ef26>] megasas_probe_one.part.33+0x636/0x1100 [megaraid_sas]
    [<ffffffffc005fa36>] megasas_probe_one+0x46/0xc0 [megaraid_sas]
    [<ffffffff813d2ca5>] local_pci_probe+0x45/0xa0
    [<ffffffff813d4222>] pci_device_probe+0x192/0x1b0
    [<ffffffff814e3658>] driver_probe_device+0x2a8/0x460
    [<ffffffff814e38ed>] __driver_attach+0xdd/0xe0
    [<ffffffff814e124c>] bus_for_each_dev+0x6c/0xc0
    [<ffffffff814e2dde>] driver_attach+0x1e/0x20
    [<ffffffff814e2775>] bus_add_driver+0x45/0x270
    [<ffffffff814e4400>] driver_register+0x60/0xe0

Signed-off-by: Shu Wang <shuwang@redhat.com>
---
 drivers/scsi/megaraid/megaraid_sas_fusion.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c
index f990ab4d..9855106 100644
--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
@@ -425,7 +425,7 @@ static int megasas_create_sg_sense_fusion(struct megasas_instance *instance)
 int
 megasas_alloc_cmdlist_fusion(struct megasas_instance *instance)
 {
-	u32 max_mpt_cmd, i;
+	u32 max_mpt_cmd, i, j;
 	struct fusion_context *fusion;
 
 	fusion = instance->ctrl_context;
@@ -450,11 +450,15 @@ megasas_alloc_cmdlist_fusion(struct megasas_instance *instance)
 		fusion->cmd_list[i] = kzalloc(sizeof(struct megasas_cmd_fusion),
 					      GFP_KERNEL);
 		if (!fusion->cmd_list[i]) {
+			for (j = 0; j < i; j++)
+				kfree(fusion->cmd_list[j]);
+			kfree(fusion->cmd_list);
 			dev_err(&instance->pdev->dev,
 				"Failed from %s %d\n",  __func__, __LINE__);
 			return -ENOMEM;
 		}
 	}
+
 	return 0;
 }
 int
-- 
2.5.0