At 10:22 09/01/19, James Bottomley wrote: >On Mon, 2009-01-19 at 09:59 +0900, Hisashi Hifumi wrote: >> At 01:56 09/01/17, Anirban Chakraborty wrote: >> >> >On Jan 15, 2009, at 7:13 PM, Hisashi Hifumi wrote: >> > >> >>Hi. >> >> >> >>I got double free bug at qla2x00_probe_one's error path and >> >>kernel was panicked. >> >>qla2x00_probe_one's probe_failed path is as follows: >> >> >> >>qla2x00_free_que(ha, req, rsp); >> >>qla2x00_free_device(base_vha); >> >> >> >>qla2x00_free_device calls qla2x00_free_que through qla2x00_free_queues. >> >>qla2x00_free_device frees the same pointer of req and rsp that is already >> >>freed by qla2x00_free_que. >> >> >> >>Following patch fixes this problem. >> >>Thanks. >> >This has been fixed as a part of the ISP restart bug fix. ><http://git.kernel.org/?p=linux/kernel/git/jejb/scsi-rc-fixes-2.6.git;a=commit;h=29bdccbee69c199910b2b39377e66ee5c33f241c>http://git.kernel.org/?p=linux/kernel/git/jejb/scsi-rc-fixes-2.6.git;a=commit;h=29bdccbee69c199910b2b39377e66ee5c33f241c >> >Thanks, >> >Anirban >> >> Your patch is as follows: >> >> probe_failed: >> - qla2x00_free_que(ha, req, rsp); >> qla2x00_free_device(base_vha); >> >> >> I think just removing qla2x00_free_que here is wrong, because when >qla2x00_request_irqs or >> qla2x00_alloc_queues fails, no one frees rsp and req. > >Aren't these freed by > >qla2x00_free_device() >qla2x00_free_queues() >qla2x00_free_que() > >along that path? > >James Only qla2x00_free_que frees rsp and req above path, but just qla2x00_free_device without qla2x00_free_que is ok after ha->rsp_q_map[0] and ha->req_q_map[0] definition , such as failure of qla2x00_initialize_adapter , kthread_create or scsi_add_host. -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
