From 37419d674ca99739dbee5ada28b50aacc29c94e1 Mon Sep 17 00:00:00 2001
From: Chris Boot
Date: Tue, 11 Dec 2012 21:58:47 +0000
Subject: sbp-target: use simple assignment in tgt_agent_rw_agent_state()

There is no need to memcpy() a 32-bit integer. The data pointer is guaranteed to be quadlet aligned by the FireWire stack so we can replace the memcpy() with an assignment. Thanks to Stefan Richter.

Signed-off-by: Chris Boot
Cc: Stefan Richter
Cc: Andy Grover
Cc: Clemens Ladisch
Cc: Nicholas A. Bellinger
Signed-off-by: Nicholas Bellinger
---
 drivers/target/sbp/sbp_target.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'drivers/target/sbp/sbp_target.c')
diff --git a/drivers/target/sbp/sbp_target.c b/drivers/target/sbp/sbp_target.c
index 0d6d7c1f025e..f0a2a1d982a2 100644
--- a/drivers/target/sbp/sbp_target.c
+++ b/drivers/target/sbp/sbp_target.c
@@ -704,16 +704,17 @@ static void session_maintenance_work(struct work_struct *work)
 static int tgt_agent_rw_agent_state(struct fw_card *card, int tcode, void *data, struct sbp_target_agent *agent)
 {
- __be32 state;
+ int state;
 switch (tcode) {
 case TCODE_READ_QUADLET_REQUEST:
 pr_debug("tgt_agent AGENT_STATE READ\n");
 spin_lock_bh(&agent->lock);
- state = cpu_to_be32(agent->state);
+ state = agent->state;
 spin_unlock_bh(&agent->lock);
- memcpy(data, &state, sizeof(state));
+
+ *(__be32 *)data = cpu_to_be32(state);
 return RCODE_COMPLETE;
-- cgit v1.2.3-59-g8ed1b
From e1fe2060d7e8f58a69374135e32e90f0bb79a7fd Mon Sep 17 00:00:00 2001
From: Chris Boot
Date: Tue, 11 Dec 2012 21:58:48 +0000
Subject: sbp-target: fix error path in sbp_make_tpg()

If the TPG memory is allocated successfully, but we fail further along in the function, a dangling pointer to freed memory is left in the TPort structure. This is mostly harmless, but does prevent re-trying the operation without first removing the TPort altogether.

Reported-by: Chen Gang
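Review bot: In the first commit's hunk for tgt_agent_rw_agent_state(), the new store `*(__be32 *)data = cpu_to_be32(state);` depends on `data` being quadlet aligned, and that guarantee is recorded only in the commit message. Without it, the cast from `void *` would be a misaligned access on strict-alignment architectures, so the invariant deserves a comment at the store, e.g. `/* data is quadlet aligned by the FireWire core, so a direct store is safe */`. The switch and the rest of the function continue outside the hunk.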
Signed-off-by: Chris Boot
Cc: Andy Grover
Cc: Nicholas A. Bellinger
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger
---
 drivers/target/sbp/sbp_target.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
(limited to 'drivers/target/sbp/sbp_target.c')
diff --git a/drivers/target/sbp/sbp_target.c b/drivers/target/sbp/sbp_target.c
index f0a2a1d982a2..2e8d06f198ae 100644
--- a/drivers/target/sbp/sbp_target.c
+++ b/drivers/target/sbp/sbp_target.c
@@ -2208,20 +2208,23 @@ static struct se_portal_group *sbp_make_tpg(
 tport->mgt_agt = sbp_management_agent_register(tport);
 if (IS_ERR(tport->mgt_agt)) {
 ret = PTR_ERR(tport->mgt_agt);
- kfree(tpg);
- return ERR_PTR(ret);
+ goto out_free_tpg;
 }
 ret = core_tpg_register(&sbp_fabric_configfs->tf_ops, wwn, &tpg->se_tpg, (void *)tpg, TRANSPORT_TPG_TYPE_NORMAL);
- if (ret < 0) {
- sbp_management_agent_unregister(tport->mgt_agt);
- kfree(tpg);
- return ERR_PTR(ret);
- }
+ if (ret < 0)
+ goto out_unreg_mgt_agt;
 return &tpg->se_tpg;
+
+out_unreg_mgt_agt:
+ sbp_management_agent_unregister(tport->mgt_agt);
+out_free_tpg:
+ tport->tpg = NULL;
+ kfree(tpg);
+ return ERR_PTR(ret);
 }
 static void sbp_drop_tpg(struct se_portal_group *se_tpg)
-- cgit v1.2.3-59-g8ed1b
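Review bot: `tport->mgt_agt` is left stale on both new error paths in sbp_make_tpg(): after `goto out_free_tpg` it still holds the ERR_PTR value returned by sbp_management_agent_register(), and after `out_unreg_mgt_agt` it still points at the agent that was just unregistered (presumably freed as well; the unregister body is not visible here). That is the same kind of leftover pointer this commit clears for `tport->tpg`, and a retry or later teardown that reads the field would act on an invalid pointer. I would reset it in the shared cleanup, `tport->mgt_agt = NULL;` next to `tport->tpg = NULL;` under `out_free_tpg:`. The function begins above the hunk, so the allocation of `tpg` and any earlier returns are not visible.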