Received: by 10.213.65.68 with SMTP id h4csp422234imn; Tue, 13 Mar 2018 08:33:58 -0700 (PDT) X-Google-Smtp-Source: AG47ELuNowBfGiefrqRFusPnBu934Q1aPMVA5+HOSlp0h6MaZPGWv8KuXWwYYSjMF9FlrTqIZUJa X-Received: by 10.99.124.14 with SMTP id x14mr840548pgc.290.1520955238111; Tue, 13 Mar 2018 08:33:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520955238; cv=none; d=google.com; s=arc-20160816; b=tA/7mv4LE66a4JYYN5fOeeadPAGH/QAXLLXHs0/q6YCsX21pUTPhZjJRS6Oxl/5sLu yVPlMmcjJ5WbzpzCXh77Uh6d5fk5vbMPige12f4KoK2Sn85R3e4Tq5XBJVgi8ojhTDbj 0056HT1SA1KA6apyIenqHrYiRS/6s0miHvdxItxgyjTBqA3MXkaXGSUqGWhX3hT/4TJF G4yrWAB3NUkyPywMG3AWmN9DU/Hv2DZygreL/Ob+SFiCjmGpZtnOyCBz4am23LWsLCUP /Qj5ugBWp8ES0fzXLn4XZH3zDHZ5BsIq1b0U7d6jpA4G332BiG0vBqWWr5HSqc650G10 1onA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=ithzm7bOjV8wbNhNzEnLGR9nEC2NaqvU2/vT/qn4YDY=; b=ublWgx9oUsfJJ73B97E9huXNeMvySxiB8C7ecZ0Xtz0C60fJYPjy19bnCH4i9oMX07 wViFZTppElHH8iORp2WkZNIM3UoSAsew3hpMvkyhTdIP32bp5DuxJowgb4kbr2Hd2HUL 0MFrukUzGwU6ITafdnI4/Em7/8M2iUryig/uG5hcPZ743WDi+tP44KoFR0PdP3JjCEOj TPlAHjo9B3J6Ik6s+QilEzuvGddHdk9/Q4B4JPQeuFuq9gbjs9QkQkj8v0KlzQrRTpls OI2ZNF08h/NDHtN4ORt+xnHt8E8HAjfU+a/9tQld2LZXtDng43Vd9uGf9FiadblIioH2 YmhQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 59-v6si263477plc.0.2018.03.13.08.33.43; Tue, 13 Mar 2018 08:33:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752951AbeCMPcY (ORCPT + 99 others); Tue, 13 Mar 2018 11:32:24 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:59762 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752934AbeCMPcW (ORCPT ); Tue, 13 Mar 2018 11:32:22 -0400 Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id D58CF11EA; Tue, 13 Mar 2018 15:32:20 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Himanshu Madhani , "Martin K. Petersen" Subject: [PATCH 4.15 076/146] scsi: qla2xxx: Fix NULL pointer crash due to probe failure Date: Tue, 13 Mar 2018 16:24:03 +0100 Message-Id: <20180313152326.623263537@linuxfoundation.org> X-Mailer: git-send-email 2.16.2 In-Reply-To: <20180313152320.439085687@linuxfoundation.org> References: <20180313152320.439085687@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.15-stable review patch. If anyone has any objections, please let me know. ------------------ From: himanshu.madhani@cavium.com commit d64d6c5671db5e693a0caaee79f2571b098749c9 upstream. This patch fixes regression added by commit d74595278f4ab ("scsi: qla2xxx: Add multiple queue pair functionality."). When driver is not able to get reqeusted IRQs from the system, driver will attempt tp clean up memory before failing hardware probe. During this cleanup, driver assigns NULL value to the pointer which has not been allocated by driver yet. This results in a NULL pointer access. Log file will show following message and stack trace qla2xxx [0000:a3:00.1]-00c7:21: MSI-X: Failed to enable support, giving up -- 32/-1. qla2xxx [0000:a3:00.1]-0037:21: Falling back-to MSI mode --1. qla2xxx [0000:a3:00.1]-003a:21: Failed to reserve interrupt 821 already in use. BUG: unable to handle kernel NULL pointer dereference at (null) IP: [] qla2x00_probe_one+0x18b6/0x2730 [qla2xxx] PGD 0 Oops: 0002 [#1] SMP Fixes: d74595278f4ab ("scsi: qla2xxx: Add multiple queue pair functionality."). Cc: # 4.10 Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/qla2xxx/qla_os.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -3011,9 +3011,6 @@ qla2x00_probe_one(struct pci_dev *pdev, base_vha = qla2x00_create_host(sht, ha); if (!base_vha) { ret = -ENOMEM; - qla2x00_mem_free(ha); - qla2x00_free_req_que(ha, req); - qla2x00_free_rsp_que(ha, rsp); goto probe_hw_failed; } @@ -3074,7 +3071,7 @@ qla2x00_probe_one(struct pci_dev *pdev, /* Set up the irqs */ ret = qla2x00_request_irqs(ha, rsp); if (ret) - goto probe_init_failed; + goto probe_hw_failed; /* Alloc arrays of request and response ring ptrs */ if (!qla2x00_alloc_queues(ha, req, rsp)) { @@ -3390,6 +3387,9 @@ probe_failed: scsi_host_put(base_vha->host); probe_hw_failed: + qla2x00_mem_free(ha); + qla2x00_free_req_que(ha, req); + qla2x00_free_rsp_que(ha, rsp); qla2x00_clear_drv_active(ha); iospace_config_failed: