scsi: qla2xxx: Completely fix fcport double free

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

scsi: qla2xxx: Completely fix fcport double free

In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free().
When an error happens, this function is called by qla2x00_sp_release(),
when kref_put() releases the first and the last reference.

qla2x00_els_dcmd_sp_free() frees fcport by calling qla2x00_free_fcport().
Doing it one more time after kref_put() is a bad idea.

Fixes: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of fcport")
Fixes: 4895009c4bb7 ("scsi: qla2xxx: Prevent command send on chip reset")
Signed-off-by: Vladimir Riabchun <ferr.lambarginio@gmail.com>
Signed-off-by: Farhat Abbas <fabbas@cloudlinux.com>
Link: https://patch.msgid.link/aYsDln9NFQQsPDgg@vova-pc
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Vladimir Riabchun and committed by

Martin K. Petersen 2 months ago c0b7da13 b0bd84c3

-2

1 changed file

expand all

drivers

scsi

qla2xxx

qla_iocb.c

-2

drivers/scsi/qla2xxx/qla_iocb.c

··· 2751 2751 if (!elsio->u.els_logo.els_logo_pyld) { 2752 2752 /* ref: INIT */ 2753 2753 kref_put(&sp->cmd_kref, qla2x00_sp_release); 2754 - qla2x00_free_fcport(fcport); 2755 2754 return QLA_FUNCTION_FAILED; 2756 2755 } 2757 2756 ··· 2775 2776 if (rval != QLA_SUCCESS) { 2776 2777 /* ref: INIT */ 2777 2778 kref_put(&sp->cmd_kref, qla2x00_sp_release); 2778 - qla2x00_free_fcport(fcport); 2779 2779 return QLA_FUNCTION_FAILED; 2780 2780 } 2781 2781

Configure Feed

Configure Feed