When dma_alloc_coherent() or qla2x00_start_sp() return an error,
the callback function qla2x00_els_dcmd_sp_free in qla2x00_sp_release
will call qla2x00_free_fcport() to kfree fcport. We shouldn't call
qla2x00_free_fcport() again in the error handling path.
Fix this by cleaning up the redundant qla2x00_free_fcport().
Fixes: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of fcport")
Signed-off-by: Yongzhi Liu <[email protected]>
---
drivers/scsi/qla2xxx/qla_iocb.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index 0b41e8a06602..faec66bd1951 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2751,7 +2751,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
if (!elsio->u.els_logo.els_logo_pyld) {
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
return QLA_FUNCTION_FAILED;
}
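Review bot: Removing the explicit free in the `!elsio->u.els_logo.els_logo_pyld` branch is only safe if the sp's free callback was already set to qla2x00_els_dcmd_sp_free before this check, and the hunk context does not show that assignment. If the callback is installed later in the function, this deletion turns the double free into a leak of fcport. Please name the line that installs the callback in the commit message so the ordering can be checked.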
@@ -2776,7 +2775,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
if (rval != QLA_SUCCESS) {
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
return QLA_FUNCTION_FAILED;
}
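Review bot: In the `rval != QLA_SUCCESS` branch the kref_put() is now the only cleanup, so the buffer obtained from dma_alloc_coherent() has to be released by the same callback that frees fcport. The commit message mentions only fcport; please state that the payload is covered as well, otherwise this path reads as if it leaks the DMA buffer.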
--
2.36.1
…
> Fix this by cleaning up the redundant qla2x00_free_fcport().
…
I suggest avoiding duplicate error handling code a bit more,
also for the implementation of the function “qla24xx_els_dcmd_iocb”.
https://elixir.bootlin.com/linux/v6.9-rc5/source/drivers/scsi/qla2xxx/qla_iocb.c#L2751
See also:
https://wiki.sei.cmu.edu/confluence/display/c/MEM12-C.+Consider+using+a+goto+chain+when+leaving+a+function+on+error+when+using+and+releasing+resources
Regards,
Markus
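The ownership rule behind this fix, combined with the goto chain suggested above, as an added user-space example that is not part of the thread or the driver. All names (`req`, `port`, `send_cmd`, `fail_at`) are hypothetical stand-ins: once the port is attached to the refcounted request, the release callback is the only code that frees it, and every exit drops the reference at one label.

```c
#include <stdlib.h>

/* Constructed model: "port" plays fcport, "req" plays the sp, refs the kref. */
struct port { int id; };

struct req {
    int refs;
    struct port *port;   /* owned by the request once attached */
    void *payload;       /* stands in for the DMA buffer; may be NULL */
};

static int ports_freed;  /* counts port frees so a double free is visible */

/* Release callback: the single place that frees everything the request owns. */
static void req_release(struct req *r)
{
    free(r->payload);    /* free(NULL) is a no-op, so a failed alloc is fine */
    free(r->port);
    ports_freed++;
    free(r);
}

static void req_put(struct req *r)
{
    if (--r->refs == 0)
        req_release(r);
}

/* fail_at: 0 = success, 1 = payload allocation fails, 2 = submit fails */
static int send_cmd(int fail_at)
{
    int rval = 0;
    struct port *p = calloc(1, sizeof(*p));
    struct req *r = calloc(1, sizeof(*r));

    if (!p || !r) {      /* nothing attached yet: free both directly */
        free(p);
        free(r);
        return -1;
    }
    r->refs = 1;
    r->port = p;         /* ownership moves to the request here */

    r->payload = (fail_at == 1) ? NULL : malloc(64);
    if (!r->payload) {
        rval = -1;
        goto put_ref;    /* no free(p) here: the release callback does it */
    }
    if (fail_at == 2) {
        rval = -2;
        goto put_ref;
    }
    /* request submitted and completed */
put_ref:
    req_put(r);          /* sole release point for all three paths */
    return rval;
}
```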
When dma_alloc_coherent() or qla2x00_start_sp() return an error,
the callback function qla2x00_els_dcmd_sp_free in qla2x00_sp_release
will call qla2x00_free_fcport() to kfree fcport. We shouldn't call
qla2x00_free_fcport() again in the error handling path.
Fix this by cleaning up the redundant qla2x00_free_fcport() and
replacing error handling with a goto chain.
Fixes: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of fcport")
Signed-off-by: Yongzhi Liu <[email protected]>
---
drivers/scsi/qla2xxx/qla_iocb.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index 0b41e8a06602..7b6a1db55672 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2749,10 +2749,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
GFP_KERNEL);
if (!elsio->u.els_logo.els_logo_pyld) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto free_sp;
}
memset(&logo_pyld, 0, sizeof(struct els_logo_payload));
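Review bot: The `!elsio->u.els_logo.els_logo_pyld` branch now carries two changes at once: the removal of qla2x00_free_fcport(fcport), which is the double-free fix named in the Fixes: tag, and the switch to `goto free_sp`, which is cleanup. Keeping the deletion as its own minimal patch makes the fix easier to review and to backport; the goto conversion can follow separately.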
@@ -2774,10 +2772,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
rval = qla2x00_start_sp(sp);
if (rval != QLA_SUCCESS) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto free_sp;
}
ql_dbg(ql_dbg_io, vha, 0x3074,
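Review bot: `rval = QLA_FUNCTION_FAILED;` in the `rval != QLA_SUCCESS` branch overwrites the value qla2x00_start_sp() just returned. That preserves the old return value, but with a shared exit it hides the original error. Either propagate rval unchanged, if the callers tolerate it, or note in the commit message that the return value is deliberately kept.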
@@ -2787,6 +2783,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
wait_for_completion(&elsio->u.els_logo.comp);
+free_sp:
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
return rval;
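Review bot: The label `free_sp` overstates what happens beneath it: kref_put() drops the INIT reference and the release runs only if that was the last one, and the success path falls through the same label after wait_for_completion(). A name that describes the action, built around "put" rather than "free", would read correctly for all three paths.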
--
2.36.1
…
> Fix this by cleaning up the redundant qla2x00_free_fcport() and
> replacing error handling with a goto chain.
…
Can the following wording approach be a bit nicer?
Thus clean duplicate qla2x00_free_fcport() calls up
and use more common error handling code instead.
> ---
> drivers/scsi/qla2xxx/qla_iocb.c | 13 +++++--------
…
Unfortunately, you overlooked adding a patch version description behind the marker line.
See also:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.9-rc5#n713
…
> +++ b/drivers/scsi/qla2xxx/qla_iocb.c
…
> @@ -2787,6 +2783,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
>
> wait_for_completion(&elsio->u.els_logo.comp);
>
> +free_sp:
* I suggest omitting a blank line here.
* What do you think about using the label “put_ref”?
> /* ref: INIT */
> kref_put(&sp->cmd_kref, qla2x00_sp_release);
> return rval;
Regards,
Markus
…
> Fix this by cleaning up the redundant qla2x00_free_fcport() and
> replacing error handling with a goto chain.
I imagine that there can be a need to provide the desired software adjustment
as a patch series with two separate update steps.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.9-rc5#n81
* Deletion of inappropriate function calls
* Optimisation of exception handling
What do you think about referring to the affected function
(instead of the hint “error handling path”) in the summary phrase?
Regards,
Markus
When dma_alloc_coherent() or qla2x00_start_sp() return an error,
the callback function qla2x00_els_dcmd_sp_free in qla2x00_sp_release
will call qla2x00_free_fcport() to kfree fcport. We shouldn't call
qla2x00_free_fcport() again in the error handling path.
Fix this by cleaning the duplicate qla2x00_free_fcport() calls up.
Fixes: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of fcport")
Signed-off-by: Yongzhi Liu <[email protected]>
---
V2 -> V3: Improve patch summary and provide a patch serises with two separate update steps
V1 -> V2: Optimisation of exception handling
drivers/scsi/qla2xxx/qla_iocb.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index 0b41e8a06602..faec66bd1951 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2751,7 +2751,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
if (!elsio->u.els_logo.els_logo_pyld) {
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
return QLA_FUNCTION_FAILED;
}
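Review bot: This branch reaches qla2x00_sp_release with els_logo_pyld equal to NULL, since the allocation has just failed. With the explicit fcport free gone, all cleanup here goes through the callback, so please confirm that it skips the payload free when the pointer is NULL.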
@@ -2776,7 +2775,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
if (rval != QLA_SUCCESS) {
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
return QLA_FUNCTION_FAILED;
}
--
2.36.1
To avoid duplicate error handling code a bit more, use more common goto
chain in qla24xx_els_dcmd_iocb.
Signed-off-by: Yongzhi Liu <[email protected]>
---
V2 -> V3: Improve patch summary and provide a patch serises with two separate update steps
V1 -> V2: Optimisation of exception handling
drivers/scsi/qla2xxx/qla_iocb.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index faec66bd1951..a3a3904cbb47 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2749,9 +2749,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
GFP_KERNEL);
if (!elsio->u.els_logo.els_logo_pyld) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto put_ref;
}
memset(&logo_pyld, 0, sizeof(struct els_logo_payload));
@@ -2773,9 +2772,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
rval = qla2x00_start_sp(sp);
if (rval != QLA_SUCCESS) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto put_ref;
}
ql_dbg(ql_dbg_io, vha, 0x3074,
@@ -2784,7 +2782,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
fcport->d_id.b.area, fcport->d_id.b.al_pa);
wait_for_completion(&elsio->u.els_logo.comp);
-
+put_ref:
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
return rval;
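Review bot: `/* ref: INIT */` under `put_ref:` is now the only comment on the function's single release point, and it does not say that the release callback also frees fcport. One extra line there would keep a later change from adding the free back, which is the bug the preceding patch removes.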
--
2.36.1
* I would usually expect a corresponding cover letter for patch series.
* Would you like to add parentheses to the function name in the summary phrase?
> When dma_alloc_coherent() or qla2x00_start_sp() return an error,
call returned?
> the callback function qla2x00_els_dcmd_sp_free in qla2x00_sp_release
> will call qla2x00_free_fcport() to kfree fcport. We shouldn't call
free “fcport”?
> qla2x00_free_fcport() again in the error handling path.
paths?
> Fix this by cleaning the duplicate qla2x00_free_fcport() calls up.
Would the wording “Thus delete duplicate qla2x00_free_fcport() calls.” be a bit nicer?
…
> ---
> V2 -> V3: Improve patch summary and provide a patch serises with two separate update steps
…
* What do you think about avoiding the repetition of version identifiers
(according to the selected enumeration style)?
* You would probably like to avoid another typo here.
Regards,
Markus
Would you like to use the summary phrase “Use common error handling code in qla24xx_els_dcmd_iocb()”?
> To avoid duplicate error handling code a bit more, use more common goto
> chain in qla24xx_els_dcmd_iocb.
What do you think about the following wording?
Add a jump target so that a bit of exception handling can be better reused
at the end of this function implementation.
Can the tag “Suggested-by” be helpful for an improved change description?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.9-rc6#n586
Regards,
Markus
Hi maintainers,
This patch series includes two patches that address a double free
bug in the driver scsi/qla2xxx, and optimize error handling code
in the qla24xx_els_dcmd_iocb().
Patch 1/2: Fix double free of fcport in qla24xx_els_dcmd_iocb()
Patch 2/2: Use common error handling code in qla24xx_els_dcmd_iocb()
The changelog for the patch series is as follows.
V3 -> V4: Improve patch summary and description
V2 -> V3: Improve patch summary and provide a patch series with
two separate update steps
V1 -> V2: Optimisation of exception handling
Please review and let me know if you have any questions or concerns.
Best regards,
Yongzhi Liu
drivers/scsi/qla2xxx/qla_iocb.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
--
2.36.1