Date: Mon, 7 Sep 2020 23:42:32 -0700
From: Arun Easi
To: Daniel Wagner
CC: "Nilesh Javali", Martin Wilck
Subject: Re: [PATCH v2 1/4] qla2xxx: Warn if done() or free() are called on an already freed srb
In-Reply-To: <20200831161854.70879-2-dwagner@suse.de>
References: <20200831161854.70879-1-dwagner@suse.de> <20200831161854.70879-2-dwagner@suse.de>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 31 Aug 2020, 9:18am, Daniel Wagner wrote:

>
> Emit a warning when ->done or ->free are called on an already freed
> srb. There is a hidden use-after-free bug in the driver which corrupts
> the srb memory pool which originates from the cleanup callbacks. By
> explicitly resetting the callbacks to NULL, we work around the memory
> corruption.
>
> An extensive search didn't bring any light on the real problem. The
> initial idea was to set both pointers to NULL and try to catch invalid
> accesses. But instead the memory corruption was gone and the driver
> didn't crash.
>
> Signed-off-by: Daniel Wagner
> --- > drivers/scsi/qla2xxx/qla_init.c | 10 ++++++++++ > drivers/scsi/qla2xxx/qla_inline.h | 5 +++++ > 2 files changed, 15 insertions(+) > > diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c > index 57a2d76aa691..9e9360a4aeb5 100644 > --- a/drivers/scsi/qla2xxx/qla_init.c > +++ b/drivers/scsi/qla2xxx/qla_init.c
> @@ -63,6 +63,16 @@ void qla2x00_sp_free(srb_t *sp) > qla2x00_rel_sp(sp); > } > > +void qla2xxx_rel_done_warning(srb_t *sp, int res) > +{ > + WARN_ONCE(1, "Calling done() of an already freed srb object\n"); > +} > + > +void qla2xxx_rel_free_warning(srb_t *sp) > +{ > + WARN_ONCE(1, "Calling free() of an already freed srb object\n"); > +}

Please print the address of srb too for the above two functions.

With that, looks good.

Regards,
-Arun
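
Review bot: WARN_ONCE(1, ...) in both qla2xxx_rel_done_warning() and qla2xxx_rel_free_warning() reports only the first stale call, so every later done()/free() on a freed srb is silent, and the message carries nothing that ties it to a particular command. Since the commit message says the real use-after-free has not been found, these stubs are the only diagnostic for it: consider a rate-limited warning instead of a once-only one, and include sp in both messages and res in the done() one (res is currently unused). The commit message also describes resetting the callbacks to NULL, while this hunk adds warning stubs; if the callbacks are pointed at these stubs rather than NULL, the message should say that, and a short comment above the two functions should state that they exist only to catch calls on a released srb.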