scsi: aacraid: Fix memory leak in fib init path
authorRaghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Thu, 16 Feb 2017 20:51:14 +0000 (12:51 -0800)
committerMartin K. Petersen <martin.petersen@oracle.com>
Wed, 22 Feb 2017 23:41:41 +0000 (18:41 -0500)
aac_fib_map_free frees misaligned fib DMA memory; additionally, it does not
free up the whole memory.

Fixed by changing the  code to free up the correct and full memory
allocation.

Cc: stable@vger.kernel.org
Fixes: e8b12f0fb835223 ([SCSI] aacraid: Add new code for PMC-Sierra's SRC based controller family)
Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Reviewed-by: David Carroll <David.Carroll@microsemi.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/aacraid/commsup.c

index e221321..c10954b 100644 (file)
@@ -95,12 +95,20 @@ static int fib_map_alloc(struct aac_dev *dev)
 
 void aac_fib_map_free(struct aac_dev *dev)
 {
-       if (dev->hw_fib_va && dev->max_cmd_size) {
-               pci_free_consistent(dev->pdev,
-               (dev->max_cmd_size *
-               (dev->scsi_host_ptr->can_queue + AAC_NUM_MGT_FIB)),
-               dev->hw_fib_va, dev->hw_fib_pa);
-       }
+       size_t alloc_size;
+       size_t fib_size;
+       int num_fibs;
+
+       if(!dev->hw_fib_va || !dev->max_cmd_size)
+               return;
+
+       num_fibs = dev->scsi_host_ptr->can_queue + AAC_NUM_MGT_FIB;
+       fib_size = dev->max_fib_size + sizeof(struct aac_fib_xporthdr);
+       alloc_size = fib_size * num_fibs + ALIGN32 - 1;
+
+       pci_free_consistent(dev->pdev, alloc_size, dev->hw_fib_va,
+                                                       dev->hw_fib_pa);
+
        dev->hw_fib_va = NULL;
        dev->hw_fib_pa = 0;
 }
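Review bot: In aac_fib_map_free, `fib_size` is derived from `dev->max_fib_size`, while the guard above it tests `dev->max_cmd_size` and the memset in aac_fib_setup (second hunk) sizes the same region with `dev->max_cmd_size`. The length passed to pci_free_consistent must equal the length used at allocation; fib_map_alloc's body is outside this diff, so this needs checking there. If it allocates with max_cmd_size and the two fields can differ, the free would use the wrong size, and the line should read `fib_size = dev->max_cmd_size + sizeof(struct aac_fib_xporthdr);`. A short comment stating that the expression mirrors the allocation in fib_map_alloc would help keep the two from drifting. As a style point, `if(!dev->hw_fib_va ...` is missing the space after `if`.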
@@ -153,22 +161,20 @@ int aac_fib_setup(struct aac_dev * dev)
        if (i<0)
                return -ENOMEM;
 
-       /* 32 byte alignment for PMC */
-       hw_fib_pa = (dev->hw_fib_pa + (ALIGN32 - 1)) & ~(ALIGN32 - 1);
-       dev->hw_fib_va = (struct hw_fib *)((unsigned char *)dev->hw_fib_va +
-               (hw_fib_pa - dev->hw_fib_pa));
-       dev->hw_fib_pa = hw_fib_pa;
        memset(dev->hw_fib_va, 0,
                (dev->max_cmd_size + sizeof(struct aac_fib_xporthdr)) *
                (dev->scsi_host_ptr->can_queue + AAC_NUM_MGT_FIB));
 
+       /* 32 byte alignment for PMC */
+       hw_fib_pa = (dev->hw_fib_pa + (ALIGN32 - 1)) & ~(ALIGN32 - 1);
+       hw_fib    = (struct hw_fib *)((unsigned char *)dev->hw_fib_va +
+                                       (hw_fib_pa - dev->hw_fib_pa));
+
        /* add Xport header */
-       dev->hw_fib_va = (struct hw_fib *)((unsigned char *)dev->hw_fib_va +
+       hw_fib = (struct hw_fib *)((unsigned char *)hw_fib +
                sizeof(struct aac_fib_xporthdr));
-       dev->hw_fib_pa += sizeof(struct aac_fib_xporthdr);
+       hw_fib_pa += sizeof(struct aac_fib_xporthdr);
 
-       hw_fib = dev->hw_fib_va;
-       hw_fib_pa = dev->hw_fib_pa;
        /*
         *      Initialise the fibs
         */
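Review bot: The memset now starts at the unaligned `dev->hw_fib_va`, but its length still omits the `ALIGN32 - 1` slack, while the fibs now start at the aligned address computed just below it. If the DMA base is ever not 32-byte aligned, the tail of the last fib (up to 31 bytes) is therefore left unzeroed, which the old order avoided by zeroing from the aligned pointer. Assuming the allocation includes the slack, as `alloc_size` in aac_fib_map_free suggests, the length could end with `(dev->scsi_host_ptr->can_queue + AAC_NUM_MGT_FIB) + (ALIGN32 - 1));`. aac_fib_setup begins and ends outside this hunk, so the fib loop that consumes `hw_fib` and `hw_fib_pa` is not visible here.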