[openib-general] [PATCH] Fix panic and memory leak in SA Query.

Krishna Kumar krkumar at us.ibm.com
Fri Nov 5 11:57:53 PST 2004


The current code frees the memory in the error case and dereferences it
later; in addition, the success case doesn't (seem to) free it.

(do you guys need patches to be rooted from a particular directory
to be more efficient/convenient ?)

- KK

diff -ruNp 7/sa_query.c 8/sa_query.c
--- 7/sa_query.c	2004-11-05 11:37:44.000000000 -0800
+++ 8/sa_query.c	2004-11-05 11:51:06.000000000 -0800
@@ -544,12 +544,14 @@ int ib_sa_path_rec_get(struct ib_device
 		rec, query->sa_query.mad->data);

 	ret = send_mad(&query->sa_query, timeout_ms);
-	if (ret)
-		kfree(query);
-
-	*sa_query = &query->sa_query;

-	return ret ? ret : query->sa_query.id;
+	if (!ret) {
+		/* Success, return the SA Query and ID. */
+		ret = query->sa_query.id;
+		*sa_query = &query->sa_query;
+	}
+	kfree(query);
+	return ret;
 }
 EXPORT_SYMBOL(ib_sa_path_rec_get);
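Review bot: On the success path of ib_sa_path_rec_get, `*sa_query = &query->sa_query;` is now followed by an unconditional `kfree(query);`, so the caller receives a pointer into memory that has just been freed, and the request that send_mad() accepted presumably still refers to the same allocation. The free should run only when send_mad() fails: close the success branch with `} else {` and put `kfree(query);` inside it, which still leaves `*sa_query` untouched on error. If the success case really does leak, the release presumably belongs wherever the query completes or is cancelled, which is not visible here. The second hunk (ib_sa_mcmember_rec_query) has the same defect, and both function bodies start outside their hunks.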

@@ -617,12 +619,14 @@ int ib_sa_mcmember_rec_query(struct ib_d
 		rec, query->sa_query.mad->data);

 	ret = send_mad(&query->sa_query, timeout_ms);
-	if (ret)
-		kfree(query);
-
-	*sa_query = &query->sa_query;
+	if (!ret) {
+		/* Success, return the SA Query and ID. */
+		ret = query->sa_query.id;
+		*sa_query = &query->sa_query;
+	}
+	kfree(query);
+	return ret;

-	return ret ? ret : query->sa_query.id;
 }
 EXPORT_SYMBOL(ib_sa_mcmember_rec_query);




