[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240428113404.12522-1-hyperlyzcs@gmail.com>
Date: Sun, 28 Apr 2024 19:34:04 +0800
From: Yongzhi Liu <hyperlyzcs@...il.com>
To: skashyap@...vell.com,
Markus.Elfring@....de,
njavali@...vell.com,
martin.petersen@...cle.com,
James.Bottomley@...senPartnership.com
Cc: himanshu.madhani@...cle.com,
GR-QLogic-Storage-Upstream@...vell.com,
linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org,
jitxie@...cent.com,
huntazhang@...cent.com,
Yongzhi Liu <hyperlyzcs@...il.com>
Subject: [PATCH V2] scsi: qla2xxx: Fix double free of fcport in error handling path
When dma_alloc_coherent() or qla2x00_start_sp() return an error,
the callback function qla2x00_els_dcmd_sp_free in qla2x00_sp_release
will call qla2x00_free_fcport() to kfree fcport. We shouldn't call
qla2x00_free_fcport() again in the error handling path.
Fix this by cleaning up the redundant qla2x00_free_fcport() and
replacing error handling with a goto chain.
Fixes: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of fcport")
Signed-off-by: Yongzhi Liu <hyperlyzcs@...il.com>
---
drivers/scsi/qla2xxx/qla_iocb.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index 0b41e8a06602..7b6a1db55672 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2749,10 +2749,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
GFP_KERNEL);
if (!elsio->u.els_logo.els_logo_pyld) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto free_sp;
}
memset(&logo_pyld, 0, sizeof(struct els_logo_payload));
@@ -2774,10 +2772,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
rval = qla2x00_start_sp(sp);
if (rval != QLA_SUCCESS) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto free_sp;
}
ql_dbg(ql_dbg_io, vha, 0x3074,
@@ -2787,6 +2783,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
wait_for_completion(&elsio->u.els_logo.comp);
+free_sp:
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
return rval;
--
2.36.1
Powered by blists - more mailing lists