From: bugzilla-daemon@bugzilla.kernel.org
To: linux-scsi@vger.kernel.org
Subject: [Bug 189051] New: Function fnic_probe() does not set set code when the call to mempool_create_slab_pool() fails
Date: Fri, 25 Nov 2016 11:20:03 +0000 [thread overview]
Message-ID: <bug-189051-11613@https.bugzilla.kernel.org/> (raw)
https://bugzilla.kernel.org/show_bug.cgi?id=189051
Bug ID: 189051
Summary: Function fnic_probe() does not set set code when the
call to mempool_create_slab_pool() fails
Product: SCSI Drivers
Version: 2.5
Kernel Version: linux-4.9-rc6
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
Assignee: scsi_drivers-other@kernel-bugs.osdl.org
Reporter: bianpan2010@ruc.edu.cn
Regression: No
In the function fnic_probe() defined in file drivers/scsi/fnic/fnic_main.c,
when the call to mempool_create_slab_pool() (at line 738) returns a NULL
pointer, the control flow jumps to label "err_out_free_resources", and returns
variable err. Because variable err is checked at line 714, the value of err
must be 0 here. As a result, function fnic_probe() returns 0 (indicates
success) even if the call to mempool_create_slab_pool() fails.
There are other 2 similar bugs when the call to mempool_create_slab_pool() fail
at lines 742 and 747. Though these errors may occur rarely, I think it may be
better to set correct error codes (e.g. -ENOMEM) on failures. Codes related to
these bugs are summarised as follows.
fnic_probe @@ drivers/scsi/fnic/fnic_main.c
541 static int fnic_probe(struct pci_dev *pdev, const struct pci_device_id
*ent)
542 {
...
547 int err;
...
713 err = fnic_alloc_vnic_resources(fnic);
714 if (err) {
715 shost_printk(KERN_ERR, fnic->lport->host,
716 "Failed to alloc vNIC resources, "
717 "aborting.\n");
718 goto err_out_clear_intr;
719 }
...
// Insert "err = -ENOMEM;" ?
738 fnic->io_req_pool = mempool_create_slab_pool(2, fnic_io_req_cache);
739 if (!fnic->io_req_pool)
// Bug (1): the value of err is 0
740 goto err_out_free_resources;
741
742 pool = mempool_create_slab_pool(2,
fnic_sgl_cache[FNIC_SGL_CACHE_DFLT]);
743 if (!pool)
// Bug (2): the value of err is 0
744 goto err_out_free_ioreq_pool;
745 fnic->io_sgl_pool[FNIC_SGL_CACHE_DFLT] = pool;
746
747 pool = mempool_create_slab_pool(2,
fnic_sgl_cache[FNIC_SGL_CACHE_MAX]);
748 if (!pool)
// Bug (3): the value of err is 0
749 goto err_out_free_dflt_pool;
...
901 return 0;
...
914 err_out_free_dflt_pool:
915 mempool_destroy(fnic->io_sgl_pool[FNIC_SGL_CACHE_DFLT]);
916 err_out_free_ioreq_pool:
917 mempool_destroy(fnic->io_req_pool);
918 err_out_free_resources:
919 fnic_free_vnic_resources(fnic);
920 err_out_clear_intr:
921 fnic_clear_intr_mode(fnic);
922 err_out_dev_close:
923 vnic_dev_close(fnic->vdev);
924 err_out_vnic_unregister:
925 vnic_dev_unregister(fnic->vdev);
926 err_out_iounmap:
927 fnic_iounmap(fnic);
928 err_out_release_regions:
929 pci_release_regions(pdev);
930 err_out_disable_device:
931 pci_disable_device(pdev);
932 err_out_free_hba:
933 fnic_stats_debugfs_remove(fnic);
934 scsi_host_put(lp->host);
935 err_out:
936 return err;
937 }
Thanks very much!
--
You are receiving this mail because:
You are watching the assignee of the bug.
reply other threads:[~2016-11-25 11:20 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-189051-11613@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@bugzilla.kernel.org \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.