From: Prasad J Pandit <p...@fedoraproject.org>
create_cq and create_qp routines allocate ring object, but it's
not released in case of an error, leading to memory leakage.
Reported-by: Li Qiang <liq...@163.com>
Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
---
hw/rdma/vmw/pvrdma_cmd.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
index ee2888259c..e8d99f29fa 100644
--- a/hw/rdma/vmw/pvrdma_cmd.c
+++ b/hw/rdma/vmw/pvrdma_cmd.c
@@ -337,7 +337,9 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req
*req,
resp->hdr.err = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev,
cmd->cqe, &resp->cq_handle, ring);
- resp->cqe = cmd->cqe;
+ if (resp->hdr.err) {
+ g_free(ring);
+ }
out:
pr_dbg("ret=%d\n", resp->hdr.err);
@@ -490,6 +492,10 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req
*req,
cmd->max_send_sge, cmd->send_cq_handle,
cmd->max_recv_wr, cmd->max_recv_sge,
cmd->recv_cq_handle, rings, &resp->qpn);
+ if (resp->hdr.err) {
+ g_free(rings);
+ goto out;
+ }
resp->max_send_wr = cmd->max_send_wr;
resp->max_recv_wr = cmd->max_recv_wr;
--
2.19.2
