Received: by 2002:a4a:311b:0:0:0:0:0 with SMTP id k27-v6csp4799640ooa; Tue, 14 Aug 2018 10:43:06 -0700 (PDT) X-Google-Smtp-Source: AA+uWPw2Dgo9Y6aCFErmJ8Vd7TraF4wC56BduPhYIcbBda4dolmEkHqS8b+13KMjcXHhvpDhqrQH X-Received: by 2002:a17:902:d710:: with SMTP id w16-v6mr21249713ply.93.1534268586609; Tue, 14 Aug 2018 10:43:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534268586; cv=none; d=google.com; s=arc-20160816; b=Zs2oR2cToXfoyfyb0F0wNNhZvXYIHeLB1nKjusqzzSMJU8r5pyNxyPrTnMbkMpRrrW dsy/b1NZ3+BM3EhGXt3wnLk48FeiLJVDZXonAVOKepFuwR12enClp8nd03tOEmt0i0jb XgovvEAJqIAZH4Jz5YG/BUUSOPO87f8GbjJLnd5WBMLOEURCuecBCNvZ3K16D1fqF5EF d39sbbCr2zE1RX8p/zhk30OLl15W+WhWZdA5PqApwJ3WVG58q80DfGjIlx5bftfKlCLK fUOmAbjUMX2JVXblDMznxPo73Fm8K7qoaWFNc7/+HqPSnLfuqOeA+3buPI1HRi0Tw86+ v6mQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=+MIFG/zaWL0EDWSVM8lFWZhZdqu7rjmqOrdfrOjBx5k=; b=T71BPaXE0DvwRi2CiSmLXK3dhihx30RwVnYki/N5dblb51taMDVxRsV6e41YIA4pwz XqPNoto5D8uo9AOcqKsxX4MN08K1JRTl5TQL5xgAcr1EhbpCKf/dqIr2HoSu/6nQSEKp f08j77DDQN1ArSrXl+vE+txc7J5whrBFEWsRmlqR1NWTjdZEUnC43rmrOGTK67TzYbkA 24Fh5fUtKv9cc56/13kQ4Mpi9obevgk2F7E13TLA/XoF5bp3YRwqs4JrlP/nArr6vsiM OEW8zmW4F4jE1Y79VnEWe8uIDTw35/FSImFQcr2ULtMOqslZ45FKGdqySy0bP8h8YoJl DeQQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o6-v6si17006320plh.226.2018.08.14.10.42.51; Tue, 14 Aug 2018 10:43:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390087AbeHNUaH (ORCPT + 99 others); Tue, 14 Aug 2018 16:30:07 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:59152 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390039AbeHNUaF (ORCPT ); Tue, 14 Aug 2018 16:30:05 -0400 Received: from localhost (unknown [194.244.16.108]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 613D4DDC; Tue, 14 Aug 2018 17:33:47 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Quinn Tran , Himanshu Madhani , "Martin K. Petersen" Subject: [PATCH 4.14 011/104] scsi: qla2xxx: Fix memory leak for allocating abort IOCB Date: Tue, 14 Aug 2018 19:16:25 +0200 Message-Id: <20180814171515.969434032@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180814171515.270692185@linuxfoundation.org> References: <20180814171515.270692185@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Quinn Tran commit 5e53be8e476a3397ed5383c23376f299555a2b43 upstream. In the case of IOCB QFull, Initiator code can leave behind a stale pointer to an SRB structure on the outstanding command array. Fixes: 82de802ad46e ("scsi: qla2xxx: Preparation for Target MQ.") Cc: stable@vger.kernel.org #v4.16+ Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/qla2xxx/qla_iocb.c | 53 ++++++++++++++++++++-------------------- 1 file changed, 27 insertions(+), 26 deletions(-) --- a/drivers/scsi/qla2xxx/qla_iocb.c +++ b/drivers/scsi/qla2xxx/qla_iocb.c @@ -2128,34 +2128,11 @@ __qla2x00_alloc_iocbs(struct qla_qpair * req_cnt = 1; handle = 0; - if (!sp) - goto skip_cmd_array; - - /* Check for room in outstanding command list. */ - handle = req->current_outstanding_cmd; - for (index = 1; index < req->num_outstanding_cmds; index++) { - handle++; - if (handle == req->num_outstanding_cmds) - handle = 1; - if (!req->outstanding_cmds[handle]) - break; - } - if (index == req->num_outstanding_cmds) { - ql_log(ql_log_warn, vha, 0x700b, - "No room on outstanding cmd array.\n"); - goto queuing_error; - } - - /* Prep command array. */ - req->current_outstanding_cmd = handle; - req->outstanding_cmds[handle] = sp; - sp->handle = handle; - - /* Adjust entry-counts as needed. */ - if (sp->type != SRB_SCSI_CMD) + if (sp && (sp->type != SRB_SCSI_CMD)) { + /* Adjust entry-counts as needed. */ req_cnt = sp->iocbs; + } -skip_cmd_array: /* Check for room on request queue. */ if (req->cnt < req_cnt + 2) { if (ha->mqenable || IS_QLA83XX(ha) || IS_QLA27XX(ha)) @@ -2179,6 +2156,28 @@ skip_cmd_array: if (req->cnt < req_cnt + 2) goto queuing_error; + if (sp) { + /* Check for room in outstanding command list. */ + handle = req->current_outstanding_cmd; + for (index = 1; index < req->num_outstanding_cmds; index++) { + handle++; + if (handle == req->num_outstanding_cmds) + handle = 1; + if (!req->outstanding_cmds[handle]) + break; + } + if (index == req->num_outstanding_cmds) { + ql_log(ql_log_warn, vha, 0x700b, + "No room on outstanding cmd array.\n"); + goto queuing_error; + } + + /* Prep command array. */ + req->current_outstanding_cmd = handle; + req->outstanding_cmds[handle] = sp; + sp->handle = handle; + } + /* Prep packet */ req->cnt -= req_cnt; pkt = req->ring_ptr; @@ -2191,6 +2190,8 @@ skip_cmd_array: pkt->handle = handle; } + return pkt; + queuing_error: qpair->tgt_counters.num_alloc_iocb_failed++; return pkt;