diff mbox series

[V2] scsi: qla2xxx: Fix double free of fcport in error handling path

Message ID 20240428113404.12522-1-hyperlyzcs@gmail.com
State New
Headers show
Series [V2] scsi: qla2xxx: Fix double free of fcport in error handling path | expand

Commit Message

Yongzhi Liu April 28, 2024, 11:34 a.m. UTC
When dma_alloc_coherent() or qla2x00_start_sp() return an error,
the callback function qla2x00_els_dcmd_sp_free in qla2x00_sp_release
will call qla2x00_free_fcport() to kfree fcport. We shouldn't call
qla2x00_free_fcport() again in the error handling path.

Fix this by cleaning up the redundant qla2x00_free_fcport() and
replacing error handling with a goto chain.

Fixes: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of fcport")
Signed-off-by: Yongzhi Liu <hyperlyzcs@gmail.com>
---
 drivers/scsi/qla2xxx/qla_iocb.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

Comments

Markus Elfring April 28, 2024, 12:52 p.m. UTC | #1
> Fix this by cleaning up the redundant qla2x00_free_fcport() and
> replacing error handling with a goto chain.
…

Can the following wording approach be a bit nicer?

   Thus clean duplicate qla2x00_free_fcport() calls up
   and use more common error handling code instead.



> ---
>  drivers/scsi/qla2xxx/qla_iocb.c | 13 +++++--------
…

Unfortunately, you overlooked to add a patch version description behind the marker line.

See also:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.9-rc5#n713


…
> +++ b/drivers/scsi/qla2xxx/qla_iocb.c> @@ -2787,6 +2783,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
>
>  	wait_for_completion(&elsio->u.els_logo.comp);
>
> +free_sp:

* I suggest to omit a blank line here.

* How do you think about to use the label “put_ref”?


>  	/* ref: INIT */
>  	kref_put(&sp->cmd_kref, qla2x00_sp_release);
>  	return rval;


Regards,
Markus
diff mbox series

Patch

diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index 0b41e8a06602..7b6a1db55672 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2749,10 +2749,8 @@  qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
 			    GFP_KERNEL);
 
 	if (!elsio->u.els_logo.els_logo_pyld) {
-		/* ref: INIT */
-		kref_put(&sp->cmd_kref, qla2x00_sp_release);
-		qla2x00_free_fcport(fcport);
-		return QLA_FUNCTION_FAILED;
+		rval = QLA_FUNCTION_FAILED;
+		goto free_sp;
 	}
 
 	memset(&logo_pyld, 0, sizeof(struct els_logo_payload));
@@ -2774,10 +2772,8 @@  qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
 
 	rval = qla2x00_start_sp(sp);
 	if (rval != QLA_SUCCESS) {
-		/* ref: INIT */
-		kref_put(&sp->cmd_kref, qla2x00_sp_release);
-		qla2x00_free_fcport(fcport);
-		return QLA_FUNCTION_FAILED;
+		rval = QLA_FUNCTION_FAILED;
+		goto free_sp;
 	}
 
 	ql_dbg(ql_dbg_io, vha, 0x3074,
@@ -2787,6 +2783,7 @@  qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
 
 	wait_for_completion(&elsio->u.els_logo.comp);
 
+free_sp:
 	/* ref: INIT */
 	kref_put(&sp->cmd_kref, qla2x00_sp_release);
 	return rval;