[SCSI] ipr: Avoid target_destroy accessing memory after it was freed

Defined target_ids,array_ids and vsets_ids as unsigned long to avoid target_destroy accessing memory after it was freed. Signed-off-by: Wen Xiong <wenxiong@linux.vnet.ibm.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
author: wenxiong@linux.vnet.ibm.com <wenxiong@linux.vnet.ibm.com> 2013-03-14 14:52:25 -0400
committer: James Bottomley <JBottomley@Parallels.com> 2013-05-12 18:07:42 -0400
commit: 222ab5946860e1d77870ffbfebebff2bcb1f4215 (patch)
tree: 6ed646b1b53667ad098a6440333543ca114019bb
parent: 364398324c901bc834f762eb5443d2e5a1d2a0db (diff)
2 files changed, 3 insertions, 19 deletions
diff --git a/drivers/scsi/ipr.c b/drivers/scsi/ipr.c
index 82a3c1ec8706..6c4cedb44c07 100644
--- a/drivers/scsi/ipr.c
+++ b/drivers/scsi/ipr.c
@@ -8980,19 +8980,6 @@ static int ipr_alloc_mem(struct ipr_ioa_cfg *ioa_cfg)
        if (!ioa_cfg->res_entries)
                goto out;
-        if (ioa_cfg->sis64) {
-                ioa_cfg->target_ids = kzalloc(sizeof(unsigned long) *
-                                              BITS_TO_LONGS(ioa_cfg->max_devs_supported), GFP_KERNEL);
-                ioa_cfg->array_ids = kzalloc(sizeof(unsigned long) *
-                                             BITS_TO_LONGS(ioa_cfg->max_devs_supported), GFP_KERNEL);
-                ioa_cfg->vset_ids = kzalloc(sizeof(unsigned long) *
-                                            BITS_TO_LONGS(ioa_cfg->max_devs_supported), GFP_KERNEL);
-                if (!ioa_cfg->target_ids || !ioa_cfg->array_ids
-                        || !ioa_cfg->vset_ids)
-                        goto out_free_res_entries;
-        }
        for (i = 0; i < ioa_cfg->max_devs_supported; i++) {
                list_add_tail(&ioa_cfg->res_entries[i].queue, &ioa_cfg->free_res_q);
                ioa_cfg->res_entries[i].ioa_cfg = ioa_cfg;
@@ -9089,9 +9076,6 @@ out_free_vpd_cbs:
                            ioa_cfg->vpd_cbs, ioa_cfg->vpd_cbs_dma);
 out_free_res_entries:
        kfree(ioa_cfg->res_entries);
-        kfree(ioa_cfg->target_ids);
-        kfree(ioa_cfg->array_ids);
-        kfree(ioa_cfg->vset_ids);
        goto out;
 }
diff --git a/drivers/scsi/ipr.h b/drivers/scsi/ipr.h
index a1fb840596ef..07a85ce41782 100644
--- a/drivers/scsi/ipr.h
+++ b/drivers/scsi/ipr.h
@@ -1440,9 +1440,9 @@ struct ipr_ioa_cfg {
        /*
         * Bitmaps for SIS64 generated target values
         */
-        unsigned long *target_ids;
+        unsigned long target_ids[BITS_TO_LONGS(IPR_MAX_SIS64_DEVS)];
-        unsigned long *array_ids;
+        unsigned long array_ids[BITS_TO_LONGS(IPR_MAX_SIS64_DEVS)];
-        unsigned long *vset_ids;
+        unsigned long vset_ids[BITS_TO_LONGS(IPR_MAX_SIS64_DEVS)];
        u16 type; /* CCIN of the card */
author	wenxiong@linux.vnet.ibm.com <wenxiong@linux.vnet.ibm.com>	2013-03-14 14:52:25 -0400
committer	James Bottomley <JBottomley@Parallels.com>	2013-05-12 18:07:42 -0400
commit	222ab5946860e1d77870ffbfebebff2bcb1f4215 (patch)
tree	6ed646b1b53667ad098a6440333543ca114019bb
parent	364398324c901bc834f762eb5443d2e5a1d2a0db (diff)