Message ID | 20240425093744.22207-1-hyperlyzcs@gmail.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | scsi: qla2xxx: Fix double free of fcport in error handling path | expand |
…
> Fix this by cleaning up the redundant qla2x00_free_fcport().
…
I suggest to avoid duplicate error handling code a bit more
also for the implementation of the function “qla24xx_els_dcmd_iocb”.
https://elixir.bootlin.com/linux/v6.9-rc5/source/drivers/scsi/qla2xxx/qla_iocb.c#L2751
See also:
https://wiki.sei.cmu.edu/confluence/display/c/MEM12-C.+Consider+using+a+goto+chain+when+leaving+a+function+on+error+when+using+and+releasing+resources
Regards,
Markus
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c index 0b41e8a06602..faec66bd1951 100644 --- a/drivers/scsi/qla2xxx/qla_iocb.c +++ b/drivers/scsi/qla2xxx/qla_iocb.c @@ -2751,7 +2751,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode, if (!elsio->u.els_logo.els_logo_pyld) { /* ref: INIT */ kref_put(&sp->cmd_kref, qla2x00_sp_release); - qla2x00_free_fcport(fcport); return QLA_FUNCTION_FAILED; } @@ -2776,7 +2775,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode, if (rval != QLA_SUCCESS) { /* ref: INIT */ kref_put(&sp->cmd_kref, qla2x00_sp_release); - qla2x00_free_fcport(fcport); return QLA_FUNCTION_FAILED; }
When dma_alloc_coherent() or qla2x00_start_sp() return an error, the callback function qla2x00_els_dcmd_sp_free in qla2x00_sp_release will call qla2x00_free_fcport() to kfree fcport. We shouldn't call qla2x00_free_fcport() again in the error handling path. Fix this by cleaning up the redundant qla2x00_free_fcport(). Fixes: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of fcport") Signed-off-by: Yongzhi Liu <hyperlyzcs@gmail.com> --- drivers/scsi/qla2xxx/qla_iocb.c | 2 -- 1 file changed, 2 deletions(-)