If qedi->p_cpuq is NULL, the error handling will jump to
mem_alloc_failure. However, qedi->global_queues has not
been allocated at this point, which may lead to a null-
pointer-dereference in qedi_free_global_queues().
On the other hand, when qedi_alloc_bdq() fails, we should
free qedi->global_queues to prevent potential memleak. It's
the same for the following error paths.
Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.")
Signed-off-by: Dinghao Liu <dinghao.liu@xxxxxxxxxx>
---
drivers/scsi/qedi/qedi_main.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index cd0180b1f5b9..c0eff34f5470 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -1637,10 +1637,8 @@ static int qedi_alloc_global_queues(struct qedi_ctx *qedi)
/* Make sure we allocated the PBL that will contain the physical
* addresses of our queues
*/
- if (!qedi->p_cpuq) {
- status = -EINVAL;
- goto mem_alloc_failure;
- }
+ if (!qedi->p_cpuq)
+ return -EINVAL;
qedi->global_queues = kzalloc((sizeof(struct global_queue *) *
qedi->num_queues), GFP_KERNEL);
@@ -1751,6 +1749,7 @@ static int qedi_alloc_global_queues(struct qedi_ctx *qedi)
mem_alloc_failure:
qedi_free_global_queues(qedi);
+ kfree(qedi->global_queues);
return status;
}
--
2.17.1
