From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: James Smart <jsmart2021@gmail.com>,
Justin Tee <justin.tee@broadcom.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 07/39] scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs
Date: Fri, 9 Jul 2021 22:31:32 -0400 [thread overview]
Message-ID: <20210710023204.3171428-7-sashal@kernel.org> (raw)
In-Reply-To: <20210710023204.3171428-1-sashal@kernel.org>
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 5aa615d195f1e142c662cb2253f057c9baec7531 ]
The driver is encountering a crash in lpfc_free_iocb_list() while
performing initial attachment.
Code review found this to be an errant failure path that was taken, jumping
to a tag that then referenced structures that were uninitialized.
Fix the failure path.
Link: https://lore.kernel.org/r/20210514195559.119853-9-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_sli.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index f4633c9f8183..40d6537e64dd 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -7281,7 +7281,7 @@ lpfc_sli4_hba_setup(struct lpfc_hba *phba)
"0393 Error %d during rpi post operation\n",
rc);
rc = -ENODEV;
- goto out_destroy_queue;
+ goto out_free_iocblist;
}
lpfc_sli4_node_prep(phba);
@@ -7406,8 +7406,9 @@ lpfc_sli4_hba_setup(struct lpfc_hba *phba)
out_unset_queue:
/* Unset all the queues set up in this routine when error out */
lpfc_sli4_queue_unset(phba);
-out_destroy_queue:
+out_free_iocblist:
lpfc_free_iocb_list(phba);
+out_destroy_queue:
lpfc_sli4_queue_destroy(phba);
out_stop_timers:
lpfc_stop_hba_timers(phba);
--
2.30.2
next prev parent reply other threads:[~2021-07-10 2:33 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-10 2:31 [PATCH AUTOSEL 4.19 01/39] tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 02/39] misc/libmasm/module: Fix two use after free in ibmasm_init_one Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 03/39] Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 04/39] w1: ds2438: fixing bug that would always get page0 Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 05/39] scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() Sasha Levin
2021-07-10 9:20 ` Sergey Shtylyov
2021-07-18 1:20 ` Sasha Levin
2021-07-18 9:13 ` Sergey Shtylyov
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 06/39] scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology Sasha Levin
2021-07-10 2:31 ` Sasha Levin [this message]
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 08/39] scsi: core: Cap scsi_host cmd_per_lun at can_queue Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 09/39] ALSA: ac97: fix PM reference leak in ac97_bus_remove() Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 10/39] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 11/39] scsi: scsi_dh_alua: Check for negative result value Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 12/39] fs/jfs: Fix missing error code in lmLogInit() Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 13/39] scsi: iscsi: Add iscsi_cls_conn refcount helpers Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 14/39] scsi: iscsi: Fix conn use after free during resets Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 15/39] scsi: iscsi: Fix shost->max_id use Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 16/39] scsi: qedi: Fix null ref during abort handling Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 17/39] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 18/39] s390/sclp_vt220: fix console name to match device Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 19/39] selftests: timers: rtcpie: skip test if default RTC device does not exist Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 20/39] USB: core: Avoid WARNings for 0-length descriptor requests Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 21/39] ALSA: sb: Fix potential double-free of CSP mixer elements Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 22/39] powerpc/ps3: Add dma_mask to ps3_dma_region Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 23/39] gpio: zynq: Check return value of pm_runtime_get_sync Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 24/39] ALSA: ppc: fix error return code in snd_pmac_probe() Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 25/39] selftests/powerpc: Fix "no_handler" EBB selftest Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 26/39] gpio: pca953x: Add support for the On Semi pca9655 Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 27/39] ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 28/39] Input: hideep - fix the uninitialized use in hideep_nvm_unlock() Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 29/39] ALSA: bebob: add support for ToneWeal FW66 Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 30/39] usb: gadget: f_hid: fix endianness issue with descriptors Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 31/39] usb: gadget: hid: fix error return code in hid_bind() Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 32/39] powerpc/boot: Fixup device-tree on little endian Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 33/39] backlight: lm3630a: Fix return code of .update_status() callback Sasha Levin
2021-07-10 2:31 ` [PATCH AUTOSEL 4.19 34/39] ALSA: hda: Add IRQ check for platform_get_irq() Sasha Levin
2021-07-10 2:32 ` [PATCH AUTOSEL 4.19 35/39] jfs: fix GPF in diFree Sasha Levin
2021-07-10 2:32 ` [PATCH AUTOSEL 4.19 36/39] staging: rtl8723bs: fix macro value for 2.4Ghz only device Sasha Levin
2021-07-10 2:32 ` [PATCH AUTOSEL 4.19 37/39] intel_th: Wait until port is in reset before programming it Sasha Levin
2021-07-10 2:32 ` [PATCH AUTOSEL 4.19 38/39] i2c: core: Disable client irq on reboot/shutdown Sasha Levin
2021-07-10 2:32 ` [PATCH AUTOSEL 4.19 39/39] lib/decompress_unlz4.c: correctly handle zero-padding around initrds Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210710023204.3171428-7-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=jsmart2021@gmail.com \
--cc=justin.tee@broadcom.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox