[PATCH] scsi: qla2xxx: fix a double free in qla2x00_probe_one

From: Dinghao Liu
Date: Tue Dec 19 2023 - 22:45:42 EST

Next message: Jason Wang: "Re: [PATCH mlx5-vhost v4 01/15] vdpa/mlx5: Expose resumable vq capability"
Previous message: Stephen Rothwell: "Re: [PATCH] LoongArch: KVM: Fix build due to API changes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When qla2x00_mem_alloc() fails, it has cleaned up resources
in its error paths. However, qla2x00_probe_one() calls
qla2x00_mem_free() on failure of qla2x00_mem_alloc() and
tries to free the resources again, which may casue a
double-free.

Fixes: d64d6c5671db ("scsi: qla2xxx: Fix NULL pointer crash due to probe failure")
Signed-off-by: Dinghao Liu <dinghao.liu@xxxxxxxxxx>
---
drivers/scsi/qla2xxx/qla_os.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index 03348f605c2e..0d8d6c814723 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -3249,7 +3249,7 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id)
ql_log_pci(ql_log_fatal, pdev, 0x0031,
"Failed to allocate memory for adapter, aborting.\n");

- goto probe_hw_failed;
+ goto mem_alloc_failed;
}

req->max_q_depth = MAX_Q_DEPTH;
@@ -3660,6 +3660,8 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id)

probe_hw_failed:
qla2x00_mem_free(ha);
+
+mem_alloc_failed:
qla2x00_free_req_que(ha, req);
qla2x00_free_rsp_que(ha, rsp);
qla2x00_clear_drv_active(ha);
--
2.17.1

Next message: Jason Wang: "Re: [PATCH mlx5-vhost v4 01/15] vdpa/mlx5: Expose resumable vq capability"
Previous message: Stephen Rothwell: "Re: [PATCH] LoongArch: KVM: Fix build due to API changes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]