[SCSI] target: Avoid mem leak and needless work in transport_generic_get_mem
Jesper Juhl [Mon, 14 Mar 2011 11:06:05 +0000 (04:06 -0700)]
In drivers/target/target_core_transport.c::transport_generic_get_mem()
there are a few potential memory leaks in the error paths. This patch
makes sure that we free previously allocated memory when other allocations
fail.  It also moves some work (INIT_LIST_HEAD() and assignment to
se_mem->se_len) below all the allocations so that if something fails we
don't do the work at all.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>

drivers/target/target_core_transport.c

index 20ab27c..67d4286 100644 (file)
@@ -4357,11 +4357,9 @@ transport_generic_get_mem(struct se_cmd *cmd, u32 length, u32 dma_size)
                        printk(KERN_ERR "Unable to allocate struct se_mem\n");
                        goto out;
                }
-               INIT_LIST_HEAD(&se_mem->se_list);
-               se_mem->se_len = (length > dma_size) ? dma_size : length;
 
 /* #warning FIXME Allocate contigous pages for struct se_mem elements */
-               se_mem->se_page = (struct page *) alloc_pages(GFP_KERNEL, 0);
+               se_mem->se_page = alloc_pages(GFP_KERNEL, 0);
                if (!(se_mem->se_page)) {
                        printk(KERN_ERR "alloc_pages() failed\n");
                        goto out;
@@ -4372,6 +4370,8 @@ transport_generic_get_mem(struct se_cmd *cmd, u32 length, u32 dma_size)
                        printk(KERN_ERR "kmap_atomic() failed\n");
                        goto out;
                }
+               INIT_LIST_HEAD(&se_mem->se_list);
+               se_mem->se_len = (length > dma_size) ? dma_size : length;
                memset(buf, 0, se_mem->se_len);
                kunmap_atomic(buf, KM_IRQ0);
 
@@ -4390,6 +4390,9 @@ transport_generic_get_mem(struct se_cmd *cmd, u32 length, u32 dma_size)
 
        return 0;
 out:
+       if (se_mem)
+               __free_pages(se_mem->se_page, 0);
+       kmem_cache_free(se_mem_cache, se_mem);
        return -1;
 }