From patchwork Thu Mar 8 13:45:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Meelis Roos X-Patchwork-Id: 10268123 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 74F1B6016D for ; Thu, 8 Mar 2018 13:45:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 64E7729939 for ; Thu, 8 Mar 2018 13:45:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 57B1E2993C; Thu, 8 Mar 2018 13:45:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C741B29939 for ; Thu, 8 Mar 2018 13:45:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755107AbeCHNpF (ORCPT ); Thu, 8 Mar 2018 08:45:05 -0500 Received: from smtp2.it.da.ut.ee ([193.40.5.67]:32964 "EHLO smtp2.it.da.ut.ee" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755144AbeCHNpE (ORCPT ); Thu, 8 Mar 2018 08:45:04 -0500 Received: from math.ut.ee (unknown [IPv6:2001:bb8:2002:2400:5054:ff:fe3b:8db9]) by smtp2.it.da.ut.ee (Postfix) with ESMTP id 336EB90055; Thu, 8 Mar 2018 15:45:03 +0200 (EET) Received: by math.ut.ee (Postfix, from userid 1014) id 1F68D221E68; Thu, 8 Mar 2018 15:45:01 +0200 (EET) Received: from localhost (localhost [127.0.0.1]) by math.ut.ee (Postfix) with ESMTP id 15F75221E66; Thu, 8 Mar 2018 15:45:01 +0200 (EET) Date: Thu, 8 Mar 2018 15:45:01 +0200 (EET) From: Meelis Roos To: qla2xxx-upstream@qlogic.com, linux-scsi@vger.kernel.org Subject: [PATCH 3/3] qla2x00: fix init error handling Message-ID: User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP When firmware init fails, qla2x00_probe_one() does double free of req and rsp queues and possibly other structures allocated by qla2x00_mem_alloc(). Fix it by pulling out qla2x00_mem_free() and qla2x00_free_queues() invocations from qla2x00_free_device() and call them manually where needed, and also zero the req and rsp pointers after freeing them once in the error handler of qla2x00_probe_one(). This fixes memory corruption and further crashes in unrelated code when qla2200 init fails for some reason. Signed-off-by: Meelis Roos --- drivers/scsi/qla2xxx/qla_os.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index 3c7bc2d..2ec21b2 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -3389,9 +3389,11 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) probe_init_failed: qla2x00_free_req_que(ha, req); + req = NULL; ha->req_q_map[0] = NULL; clear_bit(0, ha->req_qid_map); qla2x00_free_rsp_que(ha, rsp); + rsp = NULL; ha->rsp_q_map[0] = NULL; clear_bit(0, ha->rsp_qid_map); ha->max_req_queues = ha->max_rsp_queues = 0; @@ -3689,6 +3691,10 @@ qla2x00_remove_one(struct pci_dev *pdev) qla2x00_free_device(base_vha); + qla2x00_mem_free(ha); + + qla2x00_free_queues(ha); + qla2x00_clear_drv_active(ha); scsi_host_put(base_vha->host); @@ -3752,12 +3758,7 @@ qla2x00_free_device(scsi_qla_host_t *vha) ha->wq = NULL; } - - qla2x00_mem_free(ha); - qla82xx_md_free(vha); - - qla2x00_free_queues(ha); } void qla2x00_free_fcports(struct scsi_qla_host *vha)