On 2020-01-14 10:13, Ewan D. Milne wrote:
> Yes, but isn't that after "if (new_fcport == NULL)" where the code has
> put the previously allocated fcport into the &vha->vp_fcports list and
> was unable to allocate another one?
How about the (untested) patch below?
Thanks,
Bart.
>From 436e1552f79b3a3b7d3f3b1dea1df27c33bd0d49 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@xxxxxxx>
Date: Sun, 12 Jan 2020 09:17:37 -0800
Subject: [PATCH v2] qla2xxx: Fix a NULL pointer dereference in an error path
This patch fixes the following Coverity complaint:
FORWARD_NULL
qla_init.c: 5275 in qla2x00_configure_local_loop()
5269
5270 if (fcport->scan_state == QLA_FCPORT_FOUND)
5271 qla24xx_fcport_handle_login(vha, fcport);
5272 }
5273
5274 cleanup_allocation:
>>> CID 353340: (FORWARD_NULL)
>>> Passing null pointer "new_fcport" to "qla2x00_free_fcport", which dereferences it.
5275 qla2x00_free_fcport(new_fcport);
5276
5277 if (rval != QLA_SUCCESS) {
5278 ql_dbg(ql_dbg_disc, vha, 0x2098,
5279 "Configure local loop error exit: rval=%x.\n", rval);
5280 }
qla_init.c: 5275 in qla2x00_configure_local_loop()
5269
5270 if (fcport->scan_state == QLA_FCPORT_FOUND)
5271 qla24xx_fcport_handle_login(vha, fcport);
5272 }
5273
5274 cleanup_allocation:
>>> CID 353340: (FORWARD_NULL)
>>> Passing null pointer "new_fcport" to "qla2x00_free_fcport", which dereferences it.
5275 qla2x00_free_fcport(new_fcport);
5276
5277 if (rval != QLA_SUCCESS) {
5278 ql_dbg(ql_dbg_disc, vha, 0x2098,
5279 "Configure local loop error exit: rval=%x.\n", rval);
5280 }
Cc: Himanshu Madhani <hmadhani@xxxxxxxxxxx>
Cc: Quinn Tran <qutran@xxxxxxxxxxx>
Cc: Martin Wilck <mwilck@xxxxxxxx>
Cc: Daniel Wagner <dwagner@xxxxxxx>
Cc: Roman Bolshakov <r.bolshakov@xxxxxxxxx>
Fixes: 3dae220595ba ("scsi: qla2xxx: Use common routine to free fcport struct")
Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx>
---
drivers/scsi/qla2xxx/qla_init.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
index c4e087217484..62df78258269 100644
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -5109,7 +5109,7 @@ qla2x00_configure_local_loop(scsi_qla_host_t *vha)
rval = qla2x00_get_id_list(vha, ha->gid_list, ha->gid_list_dma,
&entries);
if (rval != QLA_SUCCESS)
- goto cleanup_allocation;
+ goto err;
ql_dbg(ql_dbg_disc, vha, 0x2011,
"Entries in ID list (%d).\n", entries);
@@ -5139,7 +5139,7 @@ qla2x00_configure_local_loop(scsi_qla_host_t *vha)
ql_log(ql_log_warn, vha, 0x2012,
"Memory allocation failed for fcport.\n");
rval = QLA_MEMORY_ALLOC_FAILED;
- goto cleanup_allocation;
+ goto err;
}
new_fcport->flags &= ~FCF_FABRIC_DEVICE;
@@ -5229,7 +5229,7 @@ qla2x00_configure_local_loop(scsi_qla_host_t *vha)
ql_log(ql_log_warn, vha, 0xd031,
"Failed to allocate memory for fcport.\n");
rval = QLA_MEMORY_ALLOC_FAILED;
- goto cleanup_allocation;
+ goto err;
}
spin_lock_irqsave(&vha->hw->tgt.sess_lock, flags);
new_fcport->flags &= ~FCF_FABRIC_DEVICE;
@@ -5272,15 +5272,14 @@ qla2x00_configure_local_loop(scsi_qla_host_t *vha)
qla24xx_fcport_handle_login(vha, fcport);
}
-cleanup_allocation:
qla2x00_free_fcport(new_fcport);
- if (rval != QLA_SUCCESS) {
- ql_dbg(ql_dbg_disc, vha, 0x2098,
- "Configure local loop error exit: rval=%x.\n", rval);
- }
+ return rval;
- return (rval);
+err:
+ ql_dbg(ql_dbg_disc, vha, 0x2098,
+ "Configure local loop error exit: rval=%x.\n", rval);
+ return rval;
}
static void
