lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 27 Dec 2023 14:00:12 +0800
From: Dinghao Liu <dinghao.liu@....edu.cn>
To: dinghao.liu@....edu.cn
Cc: Nilesh Javali <njavali@...vell.com>,
	Manish Rangankar <mrangankar@...vell.com>,
	GR-QLogic-Storage-Upstream@...vell.com,
	"James E.J. Bottomley" <jejb@...ux.ibm.com>,
	"Martin K. Petersen" <martin.petersen@...cle.com>,
	Hannes Reinecke <hare@...e.de>,
	Chad Dupuis <chad.dupuis@...ium.com>,
	Adheer Chandravanshi <adheer.chandravanshi@...gic.com>,
	linux-scsi@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] scsi: qedi: fix error handling of qedi_alloc_global_queues

If qedi->p_cpuq is NULL, the error handling will jump to
mem_alloc_failure. However, qedi->global_queues has not
been allocated at this point, which may lead to a null-
pointer-dereference in qedi_free_global_queues().

On the other hand, when qedi_alloc_bdq() fails, we should
free qedi->global_queues to prevent potential memleak. It's
the same for the following error paths.

Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.")
Signed-off-by: Dinghao Liu <dinghao.liu@....edu.cn>
---
 drivers/scsi/qedi/qedi_main.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index cd0180b1f5b9..c0eff34f5470 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -1637,10 +1637,8 @@ static int qedi_alloc_global_queues(struct qedi_ctx *qedi)
 	/* Make sure we allocated the PBL that will contain the physical
 	 * addresses of our queues
 	 */
-	if (!qedi->p_cpuq) {
-		status = -EINVAL;
-		goto mem_alloc_failure;
-	}
+	if (!qedi->p_cpuq)
+		return -EINVAL;
 
 	qedi->global_queues = kzalloc((sizeof(struct global_queue *) *
 				       qedi->num_queues), GFP_KERNEL);
@@ -1751,6 +1749,7 @@ static int qedi_alloc_global_queues(struct qedi_ctx *qedi)
 
 mem_alloc_failure:
 	qedi_free_global_queues(qedi);
+	kfree(qedi->global_queues);
 	return status;
 }
 
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ