Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4828864ybl; Wed, 22 Jan 2020 05:30:43 -0800 (PST) X-Google-Smtp-Source: APXvYqwvB4gI4OmXXcOP6rcA5vp0coz0/BnOqufZIfnQVFAp5ube0F0ZRw97EJv8zLxn96BAVj// X-Received: by 2002:a9d:5918:: with SMTP id t24mr7665395oth.310.1579699843532; Wed, 22 Jan 2020 05:30:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579699843; cv=none; d=google.com; s=arc-20160816; b=VjO/TNEjzH+TaIy1dbX7f+Br31EG1Vrrzz2wW69fdPntsdEvmGOX3vYwm9JIGkaOnu YVP4krelVPGr+FaL+LX0dg9cpfHNT17PfKm4JRswNYpAjNfByZPTUNUNR3GeyGDqIZln Z0ccBCxkLJ//MMD7SBkl7fWnejQTfTXQuqHesSxBhj2VbjKkLskxOBLfUPhvnky+JJJV 1+vIfPEwzpvn2BKqjNOio0ueggBzAxYabu+6pFV9CqrI0mA4QloVJ7QIF+MLiTrV+uVf NcLa10q9HrnRh/EdjcL/jhqYOpdWsgPZYbE8memU8S+utZiX/LssrIK4dO2o/+7KKVVA IhLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=ee0vX321RF1FqNCcBvAIs9r1+42yLKWyP1aoBCAVgpc=; b=vtx1CO4++m/IZx5ylA6PHGfK/RhETm9dNFM9E4zKWC4lSPYSIEzo5ItBtiGtCVi0ZA 9moVafQU1WeDpJlghFy/Gp7F4Rld0SpqcN78X6/Q+7Tfz4UWp5Dp5Varo1j9H7Xo3IV1 RrWaV+zjraNvKj7M/fbiyvQs3KIzJH6rBFXq4cc6r5TK7rJZM41tXU0h3arJGu/b02PE N9yKnjTrA+hthFtoel0a4wLbcRVpI9MzqeH7Poe7T6mS6d6hed+WEb3kjDTg7OBymn3q oSOWZT+UJcGiLm43mb7uySBPZOcLL+bWPyvJTjJ+wJcWGhylNrGVznNpR2/YsBagUqbT qP2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="ZBw+S/QA"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o7si24072946otk.185.2020.01.22.05.30.31; Wed, 22 Jan 2020 05:30:43 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="ZBw+S/QA"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729876AbgAVN3h (ORCPT + 99 others); Wed, 22 Jan 2020 08:29:37 -0500 Received: from mail.kernel.org ([198.145.29.99]:48382 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728799AbgAVN1K (ORCPT ); Wed, 22 Jan 2020 08:27:10 -0500 Received: from localhost (unknown [84.241.205.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B20C224685; Wed, 22 Jan 2020 13:27:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1579699630; bh=a05LJki7/JjRwAFxjy9uKz+C9AjD8lWYO8aJVVSFOVE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZBw+S/QAA2qff7w1gP76Wh4elk2jlsU2KV9O6uwWQCb2CLbrBFLrFgX0uvQamXzPX PXOowFzgs9RXEKw2y7s2y79jzvKTNBrJioPFXN9DNp1xWyYSqu09DJ58zXpK7YFgI7 Zk3gR3opasa9A2Zj2ApBThklGzJ6zc0JsQQyhQg8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pan Bian , Manish Rangankar , "Martin K. Petersen" Subject: [PATCH 5.4 202/222] scsi: qla4xxx: fix double free bug Date: Wed, 22 Jan 2020 10:29:48 +0100 Message-Id: <20200122092848.168309729@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200122092833.339495161@linuxfoundation.org> References: <20200122092833.339495161@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Pan Bian commit 3fe3d2428b62822b7b030577cd612790bdd8c941 upstream. The variable init_fw_cb is released twice, resulting in a double free bug. The call to the function dma_free_coherent() before goto is removed to get rid of potential double free. Fixes: 2a49a78ed3c8 ("[SCSI] qla4xxx: added IPv6 support.") Link: https://lore.kernel.org/r/1572945927-27796-1-git-send-email-bianpan2016@163.com Signed-off-by: Pan Bian Acked-by: Manish Rangankar Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/qla4xxx/ql4_mbx.c | 3 --- 1 file changed, 3 deletions(-) --- a/drivers/scsi/qla4xxx/ql4_mbx.c +++ b/drivers/scsi/qla4xxx/ql4_mbx.c @@ -640,9 +640,6 @@ int qla4xxx_initialize_fw_cb(struct scsi if (qla4xxx_get_ifcb(ha, &mbox_cmd[0], &mbox_sts[0], init_fw_cb_dma) != QLA_SUCCESS) { - dma_free_coherent(&ha->pdev->dev, - sizeof(struct addr_ctrl_blk), - init_fw_cb, init_fw_cb_dma); goto exit_init_fw_cb; }