On Tue, 2020-01-14 at 18:56 -0800, Bart Van Assche wrote:
> On 2020-01-14 10:13, Ewan D. Milne wrote:
> > Yes, but isn't that after "if (new_fcport == NULL)" where the code has
> > put the previously allocated fcport into the &vha->vp_fcports list and
> > was unable to allocate another one?
>
> How about the (untested) patch below?
>
> Thanks,
>
> Bart.
>
>
> From 436e1552f79b3a3b7d3f3b1dea1df27c33bd0d49 Mon Sep 17 00:00:00 2001
> From: Bart Van Assche <bvanassche@xxxxxxx>
> Date: Sun, 12 Jan 2020 09:17:37 -0800
> Subject: [PATCH v2] qla2xxx: Fix a NULL pointer dereference in an error path
>
> This patch fixes the following Coverity complaint:
>
> FORWARD_NULL
>
> qla_init.c: 5275 in qla2x00_configure_local_loop()
> 5269
> 5270 if (fcport->scan_state == QLA_FCPORT_FOUND)
> 5271 qla24xx_fcport_handle_login(vha, fcport);
> 5272 }
> 5273
> 5274 cleanup_allocation:
> > > > CID 353340: (FORWARD_NULL)
> > > > Passing null pointer "new_fcport" to "qla2x00_free_fcport", which dereferences it.
>
> 5275 qla2x00_free_fcport(new_fcport);
> 5276
> 5277 if (rval != QLA_SUCCESS) {
> 5278 ql_dbg(ql_dbg_disc, vha, 0x2098,
> 5279 "Configure local loop error exit: rval=%x.\n", rval);
> 5280 }
> qla_init.c: 5275 in qla2x00_configure_local_loop()
> 5269
> 5270 if (fcport->scan_state == QLA_FCPORT_FOUND)
> 5271 qla24xx_fcport_handle_login(vha, fcport);
> 5272 }
> 5273
> 5274 cleanup_allocation:
> > > > CID 353340: (FORWARD_NULL)
> > > > Passing null pointer "new_fcport" to "qla2x00_free_fcport", which dereferences it.
>
> 5275 qla2x00_free_fcport(new_fcport);
> 5276
> 5277 if (rval != QLA_SUCCESS) {
> 5278 ql_dbg(ql_dbg_disc, vha, 0x2098,
> 5279 "Configure local loop error exit: rval=%x.\n", rval);
> 5280 }
>
> Cc: Himanshu Madhani <hmadhani@xxxxxxxxxxx>
> Cc: Quinn Tran <qutran@xxxxxxxxxxx>
> Cc: Martin Wilck <mwilck@xxxxxxxx>
> Cc: Daniel Wagner <dwagner@xxxxxxx>
> Cc: Roman Bolshakov <r.bolshakov@xxxxxxxxx>
> Fixes: 3dae220595ba ("scsi: qla2xxx: Use common routine to free fcport struct")
> Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx>
> ---
> drivers/scsi/qla2xxx/qla_init.c | 17 ++++++++---------
> 1 file changed, 8 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
> index c4e087217484..62df78258269 100644
> --- a/drivers/scsi/qla2xxx/qla_init.c
> +++ b/drivers/scsi/qla2xxx/qla_init.c
> @@ -5109,7 +5109,7 @@ qla2x00_configure_local_loop(scsi_qla_host_t *vha)
> rval = qla2x00_get_id_list(vha, ha->gid_list, ha->gid_list_dma,
> &entries);
> if (rval != QLA_SUCCESS)
> - goto cleanup_allocation;
> + goto err;
>
> ql_dbg(ql_dbg_disc, vha, 0x2011,
> "Entries in ID list (%d).\n", entries);
> @@ -5139,7 +5139,7 @@ qla2x00_configure_local_loop(scsi_qla_host_t *vha)
> ql_log(ql_log_warn, vha, 0x2012,
> "Memory allocation failed for fcport.\n");
> rval = QLA_MEMORY_ALLOC_FAILED;
> - goto cleanup_allocation;
> + goto err;
> }
> new_fcport->flags &= ~FCF_FABRIC_DEVICE;
>
> @@ -5229,7 +5229,7 @@ qla2x00_configure_local_loop(scsi_qla_host_t *vha)
> ql_log(ql_log_warn, vha, 0xd031,
> "Failed to allocate memory for fcport.\n");
> rval = QLA_MEMORY_ALLOC_FAILED;
> - goto cleanup_allocation;
> + goto err;
> }
> spin_lock_irqsave(&vha->hw->tgt.sess_lock, flags);
> new_fcport->flags &= ~FCF_FABRIC_DEVICE;
> @@ -5272,15 +5272,14 @@ qla2x00_configure_local_loop(scsi_qla_host_t *vha)
> qla24xx_fcport_handle_login(vha, fcport);
> }
>
> -cleanup_allocation:
> qla2x00_free_fcport(new_fcport);
>
> - if (rval != QLA_SUCCESS) {
> - ql_dbg(ql_dbg_disc, vha, 0x2098,
> - "Configure local loop error exit: rval=%x.\n", rval);
> - }
> + return rval;
>
> - return (rval);
> +err:
> + ql_dbg(ql_dbg_disc, vha, 0x2098,
> + "Configure local loop error exit: rval=%x.\n", rval);
> + return rval;
> }
>
> static void
>
That looks fine. Thanks.
Reviewed-by: Ewan D. Milne <emilne@xxxxxxxxxx>
