提交 9422e864 编写于 作者: T Tomas Henzl 提交者: Christoph Hellwig

pm8001: fix a memory leak in flash_update

ccb->fw_control_context is copied to local fw_control_context and
the local variable is never used later

Free ccb->fw_control_context.  The task is forgotten thus also the
reference to fw_control_context and the completion thread takes the info
from virt_ptr again.
Signed-off-by: NTomas Henzl <thenzl@redhat.com>
Acked-by: NSuresh Thiagarajan <Suresh.Thiagarajan@pmcs.com>
Signed-off-by: NChristoph Hellwig <hch@lst.de>
上级 da225498
......@@ -3624,15 +3624,11 @@ int pm8001_mpi_fw_flash_update_resp(struct pm8001_hba_info *pm8001_ha,
void *piomb)
{
u32 status;
struct fw_control_ex fw_control_context;
struct fw_flash_Update_resp *ppayload =
(struct fw_flash_Update_resp *)(piomb + 4);
u32 tag = le32_to_cpu(ppayload->tag);
struct pm8001_ccb_info *ccb = &pm8001_ha->ccb_info[tag];
status = le32_to_cpu(ppayload->status);
memcpy(&fw_control_context,
ccb->fw_control_context,
sizeof(fw_control_context));
switch (status) {
case FLASH_UPDATE_COMPLETE_PENDING_REBOOT:
PM8001_MSG_DBG(pm8001_ha,
......@@ -3675,11 +3671,11 @@ int pm8001_mpi_fw_flash_update_resp(struct pm8001_hba_info *pm8001_ha,
pm8001_printk("No matched status = %d\n", status));
break;
}
ccb->fw_control_context->fw_control->retcode = status;
complete(pm8001_ha->nvmd_completion);
kfree(ccb->fw_control_context);
ccb->task = NULL;
ccb->ccb_tag = 0xFFFFFFFF;
pm8001_tag_free(pm8001_ha, tag);
complete(pm8001_ha->nvmd_completion);
return 0;
}
......@@ -4884,6 +4880,10 @@ int pm8001_chip_set_nvmd_req(struct pm8001_hba_info *pm8001_ha,
break;
}
rc = pm8001_mpi_build_cmd(pm8001_ha, circularQ, opc, &nvmd_req, 0);
if (rc) {
kfree(fw_control_context);
pm8001_tag_free(pm8001_ha, tag);
}
return rc;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册