Patch "scsi: qla2xxx: Fix double free of the ha->vp_map pointer" has been added to the 6.8-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 01 Apr 2024 12:30:21 +0200

This is a note to let you know that I've just added the patch titled

    scsi: qla2xxx: Fix double free of the ha->vp_map pointer

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     scsi-qla2xxx-fix-double-free-of-the-ha-vp_map-pointer.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From e288285d47784fdcf7c81be56df7d65c6f10c58b Mon Sep 17 00:00:00 2001
From: Saurav Kashyap <skashyap@xxxxxxxxxxx>
Date: Tue, 27 Feb 2024 22:11:23 +0530
Subject: scsi: qla2xxx: Fix double free of the ha->vp_map pointer

From: Saurav Kashyap <skashyap@xxxxxxxxxxx>

commit e288285d47784fdcf7c81be56df7d65c6f10c58b upstream.

Coverity scan reported potential risk of double free of the pointer
ha->vp_map.  ha->vp_map was freed in qla2x00_mem_alloc(), and again freed
in function qla2x00_mem_free(ha).

Assign NULL to vp_map and kfree take care of NULL.

Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Saurav Kashyap <skashyap@xxxxxxxxxxx>
Signed-off-by: Nilesh Javali <njavali@xxxxxxxxxxx>
Link: https://lore.kernel.org/r/20240227164127.36465-8-njavali@xxxxxxxxxxx
Reviewed-by: Himanshu Madhani <himanshu.madhani@xxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/scsi/qla2xxx/qla_os.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -4602,6 +4602,7 @@ fail_free_init_cb:
 	ha->init_cb_dma = 0;
 fail_free_vp_map:
 	kfree(ha->vp_map);
+	ha->vp_map = NULL;
 fail:
 	ql_log(ql_log_fatal, NULL, 0x0030,
 	    "Memory allocation failure.\n");


Patches currently in stable-queue which might be from skashyap@xxxxxxxxxxx are

queue-6.8/scsi-qla2xxx-fix-double-free-of-the-ha-vp_map-pointer.patch
queue-6.8/scsi-qla2xxx-fix-double-free-of-fcport.patch
queue-6.8/scsi-qla2xxx-change-debug-message-during-driver-unload.patch







