qedr: Fix possible memory leak in qedr_create_qp()
authorWei Yongjun <weiyongjun1@huawei.com>
Fri, 28 Oct 2016 16:33:47 +0000 (16:33 +0000)
committerDoug Ledford <dledford@redhat.com>
Wed, 14 Dec 2016 16:18:17 +0000 (11:18 -0500)
'qp' is malloced in qedr_create_qp() and should be freed before leaving
from the error handling cases, otherwise it will cause memory leak.

Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Ram Amrani <Ram.Amrani@cavium.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/infiniband/hw/qedr/verbs.c

index b2a0eb8..8c6c5cc 100644 (file)
@@ -1479,6 +1479,7 @@ struct ib_qp *qedr_create_qp(struct ib_pd *ibpd,
        struct qedr_ucontext *ctx = NULL;
        struct qedr_create_qp_ureq ureq;
        struct qedr_qp *qp;
+       struct ib_qp *ibqp;
        int rc = 0;
 
        DP_DEBUG(dev, QEDR_MSG_QP, "create qp: called from %s, pd=%p\n",
@@ -1488,13 +1489,13 @@ struct ib_qp *qedr_create_qp(struct ib_pd *ibpd,
        if (rc)
                return ERR_PTR(rc);
 
+       if (attrs->srq)
+               return ERR_PTR(-EINVAL);
+
        qp = kzalloc(sizeof(*qp), GFP_KERNEL);
        if (!qp)
                return ERR_PTR(-ENOMEM);
 
-       if (attrs->srq)
-               return ERR_PTR(-EINVAL);
-
        DP_DEBUG(dev, QEDR_MSG_QP,
                 "create qp: sq_cq=%p, sq_icid=%d, rq_cq=%p, rq_icid=%d\n",
                 get_qedr_cq(attrs->send_cq),
@@ -1510,7 +1511,10 @@ struct ib_qp *qedr_create_qp(struct ib_pd *ibpd,
                               "create qp: unexpected udata when creating GSI QP\n");
                        goto err0;
                }
-               return qedr_create_gsi_qp(dev, attrs, qp);
+               ibqp = qedr_create_gsi_qp(dev, attrs, qp);
+               if (IS_ERR(ibqp))
+                       kfree(qp);
+               return ibqp;
        }
 
        memset(&in_params, 0, sizeof(in_params));