| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20231227060012.31844-1-dinghao.liu@zju.edu.cn>
Date: Wed, 27 Dec 2023 14:00:12 +0800
From: Dinghao Liu <dinghao.liu@....edu.cn>
To: dinghao.liu@....edu.cn
Cc: Nilesh Javali <njavali@...vell.com>,
Manish Rangankar <mrangankar@...vell.com>,
GR-QLogic-Storage-Upstream@...vell.com,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
Hannes Reinecke <hare@...e.de>,
Chad Dupuis <chad.dupuis@...ium.com>,
Adheer Chandravanshi <adheer.chandravanshi@...gic.com>,
linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] scsi: qedi: fix error handling of qedi_alloc_global_queues
If qedi->p_cpuq is NULL, the error handling will jump to
mem_alloc_failure. However, qedi->global_queues has not
been allocated at this point, which may lead to a null-
pointer-dereference in qedi_free_global_queues().
On the other hand, when qedi_alloc_bdq() fails, we should
free qedi->global_queues to prevent potential memleak. It's
the same for the following error paths.
Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.")
Signed-off-by: Dinghao Liu <dinghao.liu@....edu.cn>
---
drivers/scsi/qedi/qedi_main.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index cd0180b1f5b9..c0eff34f5470 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -1637,10 +1637,8 @@ static int qedi_alloc_global_queues(struct qedi_ctx *qedi)
/* Make sure we allocated the PBL that will contain the physical
* addresses of our queues
*/
- if (!qedi->p_cpuq) {
- status = -EINVAL;
- goto mem_alloc_failure;
- }
+ if (!qedi->p_cpuq)
+ return -EINVAL;
qedi->global_queues = kzalloc((sizeof(struct global_queue *) *
qedi->num_queues), GFP_KERNEL);
@@ -1751,6 +1749,7 @@ static int qedi_alloc_global_queues(struct qedi_ctx *qedi)
mem_alloc_failure:
qedi_free_global_queues(qedi);
+ kfree(qedi->global_queues);
return status;
}
--
2.17.1
Powered by blists - more mailing lists