* [PATCH V2] mpi3mr: fix a double free
@ 2021-06-08 14:57 Tomas Henzl
2021-06-08 15:24 ` Kashyap Desai
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Tomas Henzl @ 2021-06-08 14:57 UTC (permalink / raw)
To: linux-scsi; +Cc: kashyap.desai, sathya.prakash
Fix a double free, scsi_tgt_priv_data will be freed
in mpi3mr_target_destroy so remove the kfree from
mpi3mr_target_alloc.
I've also removed few unneeded initialisations.
Signed-off-by: Tomas Henzl <thenzl@redhat.com>
---
V2: removed init of scsi_tgt_priv_data->starget = starget and
scsi_tgt_priv_data->dev_handle = MPI3MR_INVALID_DEV_HANDLE
suggested by Kashyap
drivers/scsi/mpi3mr/mpi3mr_os.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c
index a54aa009ec5a..29d43235b525 100644
--- a/drivers/scsi/mpi3mr/mpi3mr_os.c
+++ b/drivers/scsi/mpi3mr/mpi3mr_os.c
@@ -3294,13 +3294,10 @@ static int mpi3mr_target_alloc(struct scsi_target *starget)
return -ENOMEM;
starget->hostdata = scsi_tgt_priv_data;
- scsi_tgt_priv_data->starget = starget;
- scsi_tgt_priv_data->dev_handle = MPI3MR_INVALID_DEV_HANDLE;
spin_lock_irqsave(&mrioc->tgtdev_lock, flags);
tgt_dev = __mpi3mr_get_tgtdev_by_perst_id(mrioc, starget->id);
if (tgt_dev && !tgt_dev->is_hidden) {
- starget->hostdata = scsi_tgt_priv_data;
scsi_tgt_priv_data->starget = starget;
scsi_tgt_priv_data->dev_handle = tgt_dev->dev_handle;
scsi_tgt_priv_data->perst_id = tgt_dev->perst_id;
@@ -3309,10 +3306,8 @@ static int mpi3mr_target_alloc(struct scsi_target *starget)
tgt_dev->starget = starget;
atomic_set(&scsi_tgt_priv_data->block_io, 0);
retval = 0;
- } else {
- kfree(scsi_tgt_priv_data);
+ } else
retval = -ENXIO;
- }
spin_unlock_irqrestore(&mrioc->tgtdev_lock, flags);
return retval;
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* RE: [PATCH V2] mpi3mr: fix a double free
2021-06-08 14:57 [PATCH V2] mpi3mr: fix a double free Tomas Henzl
@ 2021-06-08 15:24 ` Kashyap Desai
2021-06-10 2:58 ` Martin K. Petersen
2021-06-16 3:49 ` Martin K. Petersen
2 siblings, 0 replies; 4+ messages in thread
From: Kashyap Desai @ 2021-06-08 15:24 UTC (permalink / raw)
To: Tomas Henzl, linux-scsi; +Cc: Sathya Prakash Veerichetty
[-- Attachment #1: Type: text/plain, Size: 1723 bytes --]
>
> Fix a double free, scsi_tgt_priv_data will be freed in
mpi3mr_target_destroy
> so remove the kfree from mpi3mr_target_alloc.
> I've also removed few unneeded initialisations.
>
> Signed-off-by: Tomas Henzl <thenzl@redhat.com>
> ---
> V2: removed init of scsi_tgt_priv_data->starget = starget and
> scsi_tgt_priv_data->dev_handle = MPI3MR_INVALID_DEV_HANDLE suggested
> by Kashyap
>
>
> drivers/scsi/mpi3mr/mpi3mr_os.c | 7 +------
> 1 file changed, 1 insertion(+), 6 deletions(-)
>
> diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c
> b/drivers/scsi/mpi3mr/mpi3mr_os.c index a54aa009ec5a..29d43235b525
> 100644
> --- a/drivers/scsi/mpi3mr/mpi3mr_os.c
> +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c
> @@ -3294,13 +3294,10 @@ static int mpi3mr_target_alloc(struct
scsi_target
> *starget)
> return -ENOMEM;
>
> starget->hostdata = scsi_tgt_priv_data;
> - scsi_tgt_priv_data->starget = starget;
> - scsi_tgt_priv_data->dev_handle = MPI3MR_INVALID_DEV_HANDLE;
>
> spin_lock_irqsave(&mrioc->tgtdev_lock, flags);
> tgt_dev = __mpi3mr_get_tgtdev_by_perst_id(mrioc, starget->id);
> if (tgt_dev && !tgt_dev->is_hidden) {
> - starget->hostdata = scsi_tgt_priv_data;
> scsi_tgt_priv_data->starget = starget;
> scsi_tgt_priv_data->dev_handle = tgt_dev->dev_handle;
> scsi_tgt_priv_data->perst_id = tgt_dev->perst_id; @@ -
> 3309,10 +3306,8 @@ static int mpi3mr_target_alloc(struct scsi_target
> *starget)
> tgt_dev->starget = starget;
> atomic_set(&scsi_tgt_priv_data->block_io, 0);
> retval = 0;
> - } else {
> - kfree(scsi_tgt_priv_data);
> + } else
> retval = -ENXIO;
> - }
> spin_unlock_irqrestore(&mrioc->tgtdev_lock, flags);
>
> return retval;
Acked-by: Kashyap Desai <kashyap.desai@broadcom.com>
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4212 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH V2] mpi3mr: fix a double free
2021-06-08 14:57 [PATCH V2] mpi3mr: fix a double free Tomas Henzl
2021-06-08 15:24 ` Kashyap Desai
@ 2021-06-10 2:58 ` Martin K. Petersen
2021-06-16 3:49 ` Martin K. Petersen
2 siblings, 0 replies; 4+ messages in thread
From: Martin K. Petersen @ 2021-06-10 2:58 UTC (permalink / raw)
To: Tomas Henzl; +Cc: linux-scsi, kashyap.desai, sathya.prakash
Tomas,
> Fix a double free, scsi_tgt_priv_data will be freed in
> mpi3mr_target_destroy so remove the kfree from mpi3mr_target_alloc.
> I've also removed few unneeded initialisations.
Applied to 5.14/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH V2] mpi3mr: fix a double free
2021-06-08 14:57 [PATCH V2] mpi3mr: fix a double free Tomas Henzl
2021-06-08 15:24 ` Kashyap Desai
2021-06-10 2:58 ` Martin K. Petersen
@ 2021-06-16 3:49 ` Martin K. Petersen
2 siblings, 0 replies; 4+ messages in thread
From: Martin K. Petersen @ 2021-06-16 3:49 UTC (permalink / raw)
To: linux-scsi, Tomas Henzl
Cc: Martin K . Petersen, kashyap.desai, sathya.prakash
On Tue, 8 Jun 2021 16:57:12 +0200, Tomas Henzl wrote:
> Fix a double free, scsi_tgt_priv_data will be freed
> in mpi3mr_target_destroy so remove the kfree from
> mpi3mr_target_alloc.
> I've also removed few unneeded initialisations.
Applied to 5.14/scsi-queue, thanks!
[1/1] mpi3mr: fix a double free
https://git.kernel.org/mkp/scsi/c/d3d61f9c8c2d
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-06-16 3:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-08 14:57 [PATCH V2] mpi3mr: fix a double free Tomas Henzl
2021-06-08 15:24 ` Kashyap Desai
2021-06-10 2:58 ` Martin K. Petersen
2021-06-16 3:49 ` Martin K. Petersen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.