Re: [PATCH V2 05/15] aacraid: Fix memory leak in fib init path

[Johannes Thumshirn]

On 02/16/2017 09:51 PM, Raghava Aditya Renukunta wrote:
> aac_fib_map_free frees misaligned fib dma memory, additionally it does not
> free up the whole memory.
> 
> Fixed by changing the  code to free up the correct and full memory
> allocation.
> 
> Cc: sta...@vger.kernel.org
> Fixes: e8b12f0fb835223 ([SCSI] aacraid: Add new code for PMC-Sierra's SRC 
> based controller family)
> Signed-off-by: Raghava Aditya Renukunta 
> 
> Reviewed-by: David Carroll 
> 
> ---
> Changes in V2:
> Refactored memory free code to make it easier to understand


Thanks,
Reviewed-by: Johannes Thumshirn 


-- 
Johannes Thumshirn  Storage
jthumsh...@suse.de+49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850

[PATCH V2 05/15] aacraid: Fix memory leak in fib init path

[Raghava Aditya Renukunta]

aac_fib_map_free frees misaligned fib dma memory, additionally it does not
free up the whole memory.

Fixed by changing the  code to free up the correct and full memory
allocation.

Cc: sta...@vger.kernel.org
Fixes: e8b12f0fb835223 ([SCSI] aacraid: Add new code for PMC-Sierra's SRC based 
controller family)
Signed-off-by: Raghava Aditya Renukunta 
Reviewed-by: David Carroll 

---
Changes in V2:
Refactored memory free code to make it easier to understand

 drivers/scsi/aacraid/commsup.c | 36 +---
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c
index e221321..c10954b 100644
--- a/drivers/scsi/aacraid/commsup.c
+++ b/drivers/scsi/aacraid/commsup.c
@@ -95,12 +95,20 @@ static int fib_map_alloc(struct aac_dev *dev)
 
 void aac_fib_map_free(struct aac_dev *dev)
 {
-   if (dev->hw_fib_va && dev->max_cmd_size) {
-   pci_free_consistent(dev->pdev,
-   (dev->max_cmd_size *
-   (dev->scsi_host_ptr->can_queue + AAC_NUM_MGT_FIB)),
-   dev->hw_fib_va, dev->hw_fib_pa);
-   }
+   size_t alloc_size;
+   size_t fib_size;
+   int num_fibs;
+
+   if(!dev->hw_fib_va || !dev->max_cmd_size)
+   return;
+
+   num_fibs = dev->scsi_host_ptr->can_queue + AAC_NUM_MGT_FIB;
+   fib_size = dev->max_fib_size + sizeof(struct aac_fib_xporthdr);
+   alloc_size = fib_size * num_fibs + ALIGN32 - 1;
+
+   pci_free_consistent(dev->pdev, alloc_size, dev->hw_fib_va,
+   dev->hw_fib_pa);
+
dev->hw_fib_va = NULL;
dev->hw_fib_pa = 0;
 }
@@ -153,22 +161,20 @@ int aac_fib_setup(struct aac_dev * dev)
if (i<0)
return -ENOMEM;
 
-   /* 32 byte alignment for PMC */
-   hw_fib_pa = (dev->hw_fib_pa + (ALIGN32 - 1)) & ~(ALIGN32 - 1);
-   dev->hw_fib_va = (struct hw_fib *)((unsigned char *)dev->hw_fib_va +
-   (hw_fib_pa - dev->hw_fib_pa));
-   dev->hw_fib_pa = hw_fib_pa;
memset(dev->hw_fib_va, 0,
(dev->max_cmd_size + sizeof(struct aac_fib_xporthdr)) *
(dev->scsi_host_ptr->can_queue + AAC_NUM_MGT_FIB));
 
+   /* 32 byte alignment for PMC */
+   hw_fib_pa = (dev->hw_fib_pa + (ALIGN32 - 1)) & ~(ALIGN32 - 1);
+   hw_fib= (struct hw_fib *)((unsigned char *)dev->hw_fib_va +
+   (hw_fib_pa - dev->hw_fib_pa));
+
/* add Xport header */
-   dev->hw_fib_va = (struct hw_fib *)((unsigned char *)dev->hw_fib_va +
+   hw_fib = (struct hw_fib *)((unsigned char *)hw_fib +
sizeof(struct aac_fib_xporthdr));
-   dev->hw_fib_pa += sizeof(struct aac_fib_xporthdr);
+   hw_fib_pa += sizeof(struct aac_fib_xporthdr);
 
-   hw_fib = dev->hw_fib_va;
-   hw_fib_pa = dev->hw_fib_pa;
/*
 *  Initialise the fibs
 */
-- 
2.7.4