leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

scsi: lpfc: Fix ancient double free

Browse Source 
The "pmb" pointer is freed at the start of the function and then freed
again in the error handling code.

Link: https://lore.kernel.org/r/YA6E8rO51hE56SVw@mwanda
Fixes: 92d7f7b0cd ("[SCSI] lpfc: NPIV: add NPIV support on top of SLI-3")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This commit is contained in:
Dan Carpenter 2021-01-25 11:44:34 +03:00 committed by Martin K. Petersen
parent bc2b4e6802
commit 0be310979e
1 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
drivers/scsi/lpfc/lpfc_hbadisc.c
View File

@ -1155,13 +1155,14 @@ lpfc_mbx_cmpl_local_config_link(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb)
struct lpfc_vport *vport = pmb->vport;
LPFC_MBOXQ_t *sparam_mb;
struct lpfc_dmabuf *sparam_mp;
u16 status = pmb->u.mb.mbxStatus;
int rc;
if (pmb->u.mb.mbxStatus)
goto out;
mempool_free(pmb, phba->mbox_mem_pool);
if (status)
goto out;
/* don't perform discovery for SLI4 loopback diagnostic test */
if ((phba->sli_rev == LPFC_SLI_REV4) &&
!(phba->hba_flag & HBA_FCOE_MODE) &&
@ -1224,12 +1225,10 @@ lpfc_mbx_cmpl_local_config_link(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb)
out:
lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT,
"0306 CONFIG_LINK mbxStatus error x%x "
"HBA state x%x\n",
pmb->u.mb.mbxStatus, vport->port_state);
sparam_out:
mempool_free(pmb, phba->mbox_mem_pool);
"0306 CONFIG_LINK mbxStatus error x%x HBA state x%x\n",
status, vport->port_state);
sparam_out:
lpfc_linkdown(phba);
lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT,