summaryrefslogtreecommitdiff
path: root/drivers/scsi/bnx2fc/bnx2fc_hwi.c
diff options
context:
space:
mode:
authorMaurizio Lombardi <mlombard@redhat.com>2014-04-01 13:58:21 +0200
committerChristoph Hellwig <hch@lst.de>2014-05-19 19:29:57 +0200
commit91d9f809da44b42de95a0b9058deea7268bde3c2 (patch)
tree357e90d1a9f23f6244d45fb0c5bafd47982aa653 /drivers/scsi/bnx2fc/bnx2fc_hwi.c
parentb044d1498cbfef5e11c9c390288f4b841c9b328c (diff)
downloadlwn-91d9f809da44b42de95a0b9058deea7268bde3c2.tar.gz
lwn-91d9f809da44b42de95a0b9058deea7268bde3c2.zip
bnx2fc: fix memory leak and potential NULL pointer dereference.
If bnx2fc_allocate_hash_table() for some reasons fails, it is possible that the hash_tbl_segments or the hash_tbl_pbl pointers are NULL. In this case bnx2fc_free_hash_table() will panic the system. this patch also fixes a memory leak, the hash_tbl_segments pointer was never freed. Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Acked-by: Eddie Wai <eddie.wai@broadcom.com> Signed-off-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'drivers/scsi/bnx2fc/bnx2fc_hwi.c')
-rw-r--r--drivers/scsi/bnx2fc/bnx2fc_hwi.c34
1 files changed, 20 insertions, 14 deletions
diff --git a/drivers/scsi/bnx2fc/bnx2fc_hwi.c b/drivers/scsi/bnx2fc/bnx2fc_hwi.c
index 261af2a41d24..f83bae48e6b7 100644
--- a/drivers/scsi/bnx2fc/bnx2fc_hwi.c
+++ b/drivers/scsi/bnx2fc/bnx2fc_hwi.c
@@ -1968,21 +1968,27 @@ static void bnx2fc_free_hash_table(struct bnx2fc_hba *hba)
int segment_count;
u32 *pbl;
- segment_count = hba->hash_tbl_segment_count;
-
- pbl = hba->hash_tbl_pbl;
- for (i = 0; i < segment_count; ++i) {
- dma_addr_t dma_address;
-
- dma_address = le32_to_cpu(*pbl);
- ++pbl;
- dma_address += ((u64)le32_to_cpu(*pbl)) << 32;
- ++pbl;
- dma_free_coherent(&hba->pcidev->dev,
- BNX2FC_HASH_TBL_CHUNK_SIZE,
- hba->hash_tbl_segments[i],
- dma_address);
+ if (hba->hash_tbl_segments) {
+
+ pbl = hba->hash_tbl_pbl;
+ if (pbl) {
+ segment_count = hba->hash_tbl_segment_count;
+ for (i = 0; i < segment_count; ++i) {
+ dma_addr_t dma_address;
+
+ dma_address = le32_to_cpu(*pbl);
+ ++pbl;
+ dma_address += ((u64)le32_to_cpu(*pbl)) << 32;
+ ++pbl;
+ dma_free_coherent(&hba->pcidev->dev,
+ BNX2FC_HASH_TBL_CHUNK_SIZE,
+ hba->hash_tbl_segments[i],
+ dma_address);
+ }
+ }
+ kfree(hba->hash_tbl_segments);
+ hba->hash_tbl_segments = NULL;
}
if (hba->hash_tbl_pbl) {