Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2455760pxj; Mon, 10 May 2021 03:29:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJykqEv4CffRXKlg6FL72idOGO0hc+5tZ9eGOD/p0JXGvKXQmFm37ziPV2IYIA8gaQlvEQNY X-Received: by 2002:a92:3203:: with SMTP id z3mr20292450ile.22.1620642570203; Mon, 10 May 2021 03:29:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620642570; cv=none; d=google.com; s=arc-20160816; b=qfpBsxrPFjDoc2i/Wg2ym1cgdh4fPlF6ljwA8J6AEPPm+VsYZbABh8D3zjo2T4TM4v PpAjFQ0ZWmD7o53XJrVi+I7qiKv6WeKxfs2s9wtAo1Nb4IBXP8NX67YMxuz/nrSwX3++ Gl4Jswx8iR76M5Fzx0ukKIfUNd3KKiKLGW2bq/+IH/FPSCTPrKbnCgODU4ZLTspUpvCA GXPUerfkv7fMZ2/wOLvhvaYOsQnM72uoTNXdPSc4km841ugGQ4PRJyG3EyrjFW3WFiuv H4Kp4uAXrdqX+6BDUWdoK9n8RbM0iW0FzrPSp+Td9qqbNReTDVTiWmEMDLrk2bBrXM0a Ji+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=zfKAzEnUj08zfwmwLrUm6RAgPSgMqf1vGdaUK0xdtng=; b=HV+CDH2PheerVGj+MxYLxQ+erj6JiMjqLyUnzLZZD8P1jioBXwQ3bKo4/hv1PkP3gC Il9gXpqOVYbUgWyVNLoFhbepIOnpuw1HyBZusdoHlopIphOVsnvxNdQ2txmww3cCIlCJ 6l6ItrewVdL3bMIlFgmUgc9BYkE3Wqp1udEjwkQwpPWSWoNhIHs9W58kmkIFzK9YwwfV lek+csrgoV8ACcKiuHCwk6tygtw3AIoauyLJyn2pPQM3QZbCs3B0Lc6BnWEomFB22M6s cEMtVGijLYiS4dYmkpuhYnO8GwNWR+XQaHPtKfY+IP7qNWNxBgjPycy4Z147G3touET8 9rEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PBmguXNi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p9si17692114iov.92.2021.05.10.03.29.18; Mon, 10 May 2021 03:29:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PBmguXNi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230436AbhEJK2F (ORCPT + 99 others); Mon, 10 May 2021 06:28:05 -0400 Received: from mail.kernel.org ([198.145.29.99]:60168 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231472AbhEJK0a (ORCPT ); Mon, 10 May 2021 06:26:30 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 01A8D61482; Mon, 10 May 2021 10:25:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1620642324; bh=kt1OJdYY3KsJiJ2yGuURdWeGZ3aZfMOubMLZlBv2lZA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PBmguXNi00LE1b2p7x9A45vba5Ny3yT6QvkVtrBjeA9LUMaf09pXoIouAnur1VRqH ahtX1MbhG7rjFReULxE2CjK/0x4yMPxzi+pz1okB23kWNtUF+L64SNayaehHyBok1C FBE7+LrN50RSGdxFde0b5OpHwjPpiDgxoiysPKfo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Laurence Oberman , Dan Carpenter , Himanshu Madhani , Arun Easi , Nilesh Javali , "Martin K. Petersen" Subject: [PATCH 5.4 013/184] scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() Date: Mon, 10 May 2021 12:18:27 +0200 Message-Id: <20210510101950.649851673@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210510101950.200777181@linuxfoundation.org> References: <20210510101950.200777181@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Arun Easi commit 6641df81ab799f28a5d564f860233dd26cca0d93 upstream. RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_directly+0x128/0x1d0 blk_mq_request_issue_directly+0x4e/0xb0 Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now allocated by upper layers. This fixes smatch warning of srb unintended free. Link: https://lore.kernel.org/r/20210329085229.4367-7-njavali@marvell.com Fixes: af2a0c51b120 ("scsi: qla2xxx: Fix SRB leak on switch command timeout") Cc: stable@vger.kernel.org # 5.5 Reported-by: Laurence Oberman Reported-by: Dan Carpenter Reviewed-by: Himanshu Madhani Signed-off-by: Arun Easi Signed-off-by: Nilesh Javali Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/qla2xxx/qla_os.c | 7 ------- 1 file changed, 7 deletions(-) --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -983,8 +983,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host * if (rval != QLA_SUCCESS) { ql_dbg(ql_dbg_io + ql_dbg_verbose, vha, 0x3078, "Start scsi failed rval=%d for cmd=%p.\n", rval, cmd); - if (rval == QLA_INTERFACE_ERROR) - goto qc24_free_sp_fail_command; goto qc24_host_busy_free_sp; } @@ -996,11 +994,6 @@ qc24_host_busy_free_sp: qc24_target_busy: return SCSI_MLQUEUE_TARGET_BUSY; -qc24_free_sp_fail_command: - sp->free(sp); - CMD_SP(cmd) = NULL; - qla2xxx_rel_qpair_sp(sp->qpair, sp); - qc24_fail_command: cmd->scsi_done(cmd);