Commit ba5de05b authored by Ajish Koshy's avatar Ajish Koshy Committed by Li Lingfeng

scsi: pm80xx: Fix memory leak during rmmod

mainline inclusion
from mainline-v5.16-rc1
commit 51e6ed83
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9FNET
CVE: CVE-2021-47193

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51e6ed83bb4ade7c360551fa4ae55c4eacea354b

--------------------------------

Driver failed to release all memory allocated. This would lead to memory
leak during driver removal.

Properly free memory when the module is removed.

Link: https://lore.kernel.org/r/20210906170404.5682-5-Ajish.Koshy@microchip.com


Acked-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Ajish Koshy <Ajish.Koshy@microchip.com>
Signed-off-by: Viswas G <Viswas.G@microchip.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Conflict:
  drivers/scsi/pm8001/pm8001_init.c
  Commit 27a34943("scsi: pm8001: Remove typecast for pointer returned
  by kcalloc()") removes the typecast for the pointer returned by kcalloc().
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
parent f8ab733c
+11 −0
@@ -1166,6 +1166,7 @@ pm8001_init_ccb_tag(struct pm8001_hba_info *pm8001_ha, struct Scsi_Host *shost,
		goto err_out;

	/* Memory region for ccb_info*/
	pm8001_ha->ccb_count = ccb_count;
	pm8001_ha->ccb_info = (struct pm8001_ccb_info *)
		kcalloc(ccb_count, sizeof(struct pm8001_ccb_info), GFP_KERNEL);
	if (!pm8001_ha->ccb_info) {
@@ -1226,6 +1227,16 @@ static void pm8001_pci_remove(struct pci_dev *pdev)
			tasklet_kill(&pm8001_ha->tasklet[j]);
#endif
	scsi_host_put(pm8001_ha->shost);

	for (i = 0; i < pm8001_ha->ccb_count; i++) {
		dma_free_coherent(&pm8001_ha->pdev->dev,
			sizeof(struct pm8001_prd) * PM8001_MAX_DMA_SG,
			pm8001_ha->ccb_info[i].buf_prd,
			pm8001_ha->ccb_info[i].ccb_dma_handle);
	}
	kfree(pm8001_ha->ccb_info);
	kfree(pm8001_ha->devices);

	pm8001_free(pm8001_ha);
	kfree(sha->sas_phy);
	kfree(sha->sas_port);
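Review bot: The new free loop in pm8001_pci_remove dereferences `pm8001_ha->ccb_info[i]` for every index below `ccb_count`, but pm8001_init_ccb_tag stores `ccb_count` before the kcalloc() result is checked, so the count can be non-zero while `ccb_info` is NULL or, presumably, only partly populated with `buf_prd` buffers. If remove can only run after a fully successful init this is harmless, but that guarantee is not visible here. Assigning `pm8001_ha->ccb_count = ccb_count;` after the `if (!pm8001_ha->ccb_info)` check, or guarding the loop with `if (pm8001_ha->ccb_info)`, would make the teardown safe on its own. The size `sizeof(struct pm8001_prd) * PM8001_MAX_DMA_SG` must also match the allocation, which lies outside the hunk, so a shared macro for it would keep the two from drifting. Both functions start and end outside the hunks shown.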
+1 −0
@@ -515,6 +515,7 @@ struct pm8001_hba_info {
	u32			iomb_size; /* SPC and SPCV IOMB size */
	struct pm8001_device	*devices;
	struct pm8001_ccb_info	*ccb_info;
	u32			ccb_count;
#ifdef PM8001_USE_MSIX
	int			number_of_intr;/*will be used in remove()*/
	char			intr_drvname[PM8001_MAX_MSIX_VEC]
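Review bot: The new `ccb_count` field has no comment, unlike the neighbouring `iomb_size` and `number_of_intr`, although the remove path now relies on it as the bound for walking `ccb_info`. A short comment would record that coupling, for example `u32 ccb_count; /* number of entries in ccb_info; used in remove() */`. The struct definition continues outside the hunk.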