| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <yq11rucsgbj.fsf@oracle.com>
Date: Tue, 12 Nov 2019 20:41:52 -0500
From: "Martin K. Petersen" <martin.petersen@...cle.com>
To: hmadhani@...vell.com
Cc: Thomas Abraham <tabraham@...e.com>, jejb@...ux.ibm.com,
martin.petersen@...cle.com, linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org, hare@...e.com
Subject: Re: [PATCH] scsi: qla2xxx: avoid crash in qlt_handle_abts_completion() if mcmd == NULL
Himanshu: Ping.
Also see: https://patchwork.kernel.org/patch/11141981/
> qlt_ctio_to_cmd() will return a NULL mcmd if h == QLA_TGT_SKIP_HANDLE. If
> the error subcodes don't match the exact codes checked a crash will occur
> when calling free_mcmd on the null mcmd
>
> Signed-off-by: Thomas Abraham <tabraham@...e.com>
> ---
> drivers/scsi/qla2xxx/qla_target.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
> index a06e56224a55..611ab224662f 100644
> --- a/drivers/scsi/qla2xxx/qla_target.c
> +++ b/drivers/scsi/qla2xxx/qla_target.c
> @@ -5732,7 +5732,8 @@ static void qlt_handle_abts_completion(struct scsi_qla_host *vha,
> vha->vp_idx, entry->compl_status,
> entry->error_subcode1,
> entry->error_subcode2);
> - ha->tgt.tgt_ops->free_mcmd(mcmd);
> + if (mcmd)
> + ha->tgt.tgt_ops->free_mcmd(mcmd);
> }
> } else if (mcmd) {
> ha->tgt.tgt_ops->free_mcmd(mcmd);
--
Martin K. Petersen Oracle Linux Engineering
Powered by blists - more mailing lists