linux-scsi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] iscsi: qla4xxx: fix double free in probe
@ 2019-12-03  9:45 Dan Carpenter
  2019-12-04 15:08 ` Manish Rangankar
  2019-12-10  0:02 ` Martin K. Petersen
  0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2019-12-03  9:45 UTC (permalink / raw)
  To: QLogic-Storage-Upstream, David Somayajulu
  Cc: James E.J. Bottomley, Martin K. Petersen, linux-scsi, kernel-janitors

On this error path we call qla4xxx_mem_free() and then the caller also
calls qla4xxx_free_adapter() which calls qla4xxx_mem_free().  It leads
to a couple double frees:

drivers/scsi/qla4xxx/ql4_os.c:8856 qla4xxx_probe_adapter() warn: 'ha->chap_dma_pool' double freed
drivers/scsi/qla4xxx/ql4_os.c:8856 qla4xxx_probe_adapter() warn: 'ha->fw_ddb_dma_pool' double freed

Fixes: afaf5a2d341d ("[SCSI] Initial Commit of qla4xxx")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 drivers/scsi/qla4xxx/ql4_os.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
index 8c674eca09f1..2323432a0edb 100644
--- a/drivers/scsi/qla4xxx/ql4_os.c
+++ b/drivers/scsi/qla4xxx/ql4_os.c
@@ -4275,7 +4275,6 @@ static int qla4xxx_mem_alloc(struct scsi_qla_host *ha)
 	return QLA_SUCCESS;
 
 mem_alloc_error_exit:
-	qla4xxx_mem_free(ha);
 	return QLA_ERROR;
 }
 
-- 
2.11.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* RE: [PATCH] iscsi: qla4xxx: fix double free in probe
  2019-12-03  9:45 [PATCH] iscsi: qla4xxx: fix double free in probe Dan Carpenter
@ 2019-12-04 15:08 ` Manish Rangankar
  2019-12-10  0:02 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Manish Rangankar @ 2019-12-04 15:08 UTC (permalink / raw)
  To: Dan Carpenter, QLogic-Storage-Upstream, David Somayajulu
  Cc: James E.J. Bottomley, Martin K. Petersen, linux-scsi, kernel-janitors


> -----Original Message-----
> From: linux-scsi-owner@vger.kernel.org <linux-scsi-
> owner@vger.kernel.org> On Behalf Of Dan Carpenter
> Sent: Tuesday, December 3, 2019 3:15 PM
> To: QLogic-Storage-Upstream@qlogic.com; David Somayajulu
> <david.somayajulu@qlogic.com>
> Cc: James E.J. Bottomley <jejb@linux.ibm.com>; Martin K. Petersen
> <martin.petersen@oracle.com>; linux-scsi@vger.kernel.org; kernel-
> janitors@vger.kernel.org
> Subject: [PATCH] iscsi: qla4xxx: fix double free in probe
> 
> On this error path we call qla4xxx_mem_free() and then the caller also calls
> qla4xxx_free_adapter() which calls qla4xxx_mem_free().  It leads to a couple
> double frees:
> 
> drivers/scsi/qla4xxx/ql4_os.c:8856 qla4xxx_probe_adapter() warn: 'ha-
> >chap_dma_pool' double freed
> drivers/scsi/qla4xxx/ql4_os.c:8856 qla4xxx_probe_adapter() warn: 'ha-
> >fw_ddb_dma_pool' double freed
> 
> Fixes: afaf5a2d341d ("[SCSI] Initial Commit of qla4xxx")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
>  drivers/scsi/qla4xxx/ql4_os.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
> index 8c674eca09f1..2323432a0edb 100644
> --- a/drivers/scsi/qla4xxx/ql4_os.c
> +++ b/drivers/scsi/qla4xxx/ql4_os.c
> @@ -4275,7 +4275,6 @@ static int qla4xxx_mem_alloc(struct
> scsi_qla_host *ha)
>  	return QLA_SUCCESS;
> 
>  mem_alloc_error_exit:
> -	qla4xxx_mem_free(ha);
>  	return QLA_ERROR;
>  }
> 
> --
> 2.11.0

Thanks
Acked-by: Manish Rangankar <mrangankar@marvell.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] iscsi: qla4xxx: fix double free in probe
  2019-12-03  9:45 [PATCH] iscsi: qla4xxx: fix double free in probe Dan Carpenter
  2019-12-04 15:08 ` Manish Rangankar
@ 2019-12-10  0:02 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Martin K. Petersen @ 2019-12-10  0:02 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: QLogic-Storage-Upstream, David Somayajulu, James E.J. Bottomley,
	Martin K. Petersen, linux-scsi, kernel-janitors


Dan,

> On this error path we call qla4xxx_mem_free() and then the caller also
> calls qla4xxx_free_adapter() which calls qla4xxx_mem_free().  It leads
> to a couple double frees:

Applied to 5.5/scsi-fixes, thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-12-10  0:02 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-03  9:45 [PATCH] iscsi: qla4xxx: fix double free in probe Dan Carpenter
2019-12-04 15:08 ` Manish Rangankar
2019-12-10  0:02 ` Martin K. Petersen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).