Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2495587pxj; Mon, 10 May 2021 04:30:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyqB7cg0NlFEFFhgNcLfdfI20nFGhTexZUZp5v1QkhBLtebYo9B1W9hNAEwRs9hc/lBMaMk X-Received: by 2002:a17:906:79c8:: with SMTP id m8mr25624840ejo.260.1620646220511; Mon, 10 May 2021 04:30:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620646220; cv=none; d=google.com; s=arc-20160816; b=nsKX/D6WCwNfDDENF5wLFWVrnn1q2qBGXBlMg9a4xC8trE4g7Sgwxvc89uOLvRhoFE f61Oc6z6QCJUGHFtvmBCaNrhWJdZPM4f1KzV5tXxOwpK8SNlPc8ZSoiz+xy70oyZQ0j7 K+W8qLXPIobM7HDQq6qwbn8ecsGqzXmsmjyriLE+RhD1IoHAMVxJO6AoVFK1KeDK8ZnY p2xVNbAqDo6sbInhUSaFGtVu8GLkhNWPPxjf9Yd9SbWaEykopJpanE7/IGj+loDXoc33 2kfXaiKmBAX736bzIjFlfhg7cQX272BA2IqqXcZA/7jDr/dt2JD8UTx8jIKifAjzY4hg 2AKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=WgufETu8TVorEWnlCfoBPdeSCBHlZijQDkLYi7ZKKPI=; b=eAz10cWhPuVyMNE/N9TwEA4M4adPgKvpDWsgIuswrUk7fLJqnNfNpbfwP8/Ufcg1lq RBfg8pxq9fwruDLd/rJGfgDTql5I1pbfWu0NayLnceDedyDLFxDzvBju4pAtcrJVdkL+ 3h+iWUMKhyjOJqwdMq5aoIMzDxOtrE/6cMLlBCCr3rFqjtpozWGOtNhDUn/tNfSoonHw s8KImQbn+rvcS1RgQA15iLuaXlToCTBiUjcaLL1rmlAPidwIhnP7ijT5BIyNFcT/zwXp N2VFYyk2Bwz3vfp1XMdWvoS/z/jt9j1bvRbpNjdTKvCTpBvcUyA6yGCj4r31A4V8o42U WI2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fkr3Sdm3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id jo9si13248173ejb.552.2021.05.10.04.29.55; Mon, 10 May 2021 04:30:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fkr3Sdm3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235625AbhEJLY4 (ORCPT + 99 others); Mon, 10 May 2021 07:24:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:53030 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234232AbhEJK4F (ORCPT ); Mon, 10 May 2021 06:56:05 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 496D761574; Mon, 10 May 2021 10:44:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1620643486; bh=/z5dTUJjzmVUsgl8hevEc3fL8woqrdFfRIFbIj23xeE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fkr3Sdm3fyCxKRAn1w9+4BPoRbpmwJJOmXy2OX6P6G6jJd3Lu4+tWHSWl+C0rUlFB 46oEdBC2bheKFYz8vbd2RbFYQ1h8F45+ZM++51gNRpvBDTe9AW2351f6wB6O5jB/Yh QSKgeSaBhgfCx9TA2AnARGMxYcSD+qqe0Qm3YhVQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Laurence Oberman , Dan Carpenter , Himanshu Madhani , Arun Easi , Nilesh Javali , "Martin K. Petersen" Subject: [PATCH 5.11 035/342] scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() Date: Mon, 10 May 2021 12:17:05 +0200 Message-Id: <20210510102011.258028893@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210510102010.096403571@linuxfoundation.org> References: <20210510102010.096403571@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Arun Easi commit 6641df81ab799f28a5d564f860233dd26cca0d93 upstream. RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_directly+0x128/0x1d0 blk_mq_request_issue_directly+0x4e/0xb0 Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now allocated by upper layers. This fixes smatch warning of srb unintended free. Link: https://lore.kernel.org/r/20210329085229.4367-7-njavali@marvell.com Fixes: af2a0c51b120 ("scsi: qla2xxx: Fix SRB leak on switch command timeout") Cc: stable@vger.kernel.org # 5.5 Reported-by: Laurence Oberman Reported-by: Dan Carpenter Reviewed-by: Himanshu Madhani Signed-off-by: Arun Easi Signed-off-by: Nilesh Javali Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/qla2xxx/qla_os.c | 7 ------- 1 file changed, 7 deletions(-) --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1008,8 +1008,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host * if (rval != QLA_SUCCESS) { ql_dbg(ql_dbg_io + ql_dbg_verbose, vha, 0x3078, "Start scsi failed rval=%d for cmd=%p.\n", rval, cmd); - if (rval == QLA_INTERFACE_ERROR) - goto qc24_free_sp_fail_command; goto qc24_host_busy_free_sp; } @@ -1021,11 +1019,6 @@ qc24_host_busy_free_sp: qc24_target_busy: return SCSI_MLQUEUE_TARGET_BUSY; -qc24_free_sp_fail_command: - sp->free(sp); - CMD_SP(cmd) = NULL; - qla2xxx_rel_qpair_sp(sp->qpair, sp); - qc24_fail_command: cmd->scsi_done(cmd);