
scsi: qla2xxx: Fix a NULL pointer dereference in an error path

This patch fixes the following Coverity complaint:

FORWARD_NULL

qla_init.c: 5275 in qla2x00_configure_local_loop()
5269
5270 if (fcport->scan_state == QLA_FCPORT_FOUND)
5271 qla24xx_fcport_handle_login(vha, fcport);
5272 }
5273
5274 cleanup_allocation:
>>> CID 353340: (FORWARD_NULL)
>>> Passing null pointer "new_fcport" to "qla2x00_free_fcport", which dereferences it.
5275 qla2x00_free_fcport(new_fcport);
5276
5277 if (rval != QLA_SUCCESS) {
5278 ql_dbg(ql_dbg_disc, vha, 0x2098,
5279 "Configure local loop error exit: rval=%x.\n", rval);
5280 }
qla_init.c: 5275 in qla2x00_configure_local_loop()
5269
5270 if (fcport->scan_state == QLA_FCPORT_FOUND)
5271 qla24xx_fcport_handle_login(vha, fcport);
5272 }
5273
5274 cleanup_allocation:
>>> CID 353340: (FORWARD_NULL)
>>> Passing null pointer "new_fcport" to "qla2x00_free_fcport", which dereferences it.
5275 qla2x00_free_fcport(new_fcport);
5276
5277 if (rval != QLA_SUCCESS) {
5278 ql_dbg(ql_dbg_disc, vha, 0x2098,
5279 "Configure local loop error exit: rval=%x.\n", rval);
5280 }

Fixes: 3dae220595ba ("scsi: qla2xxx: Use common routine to free fcport struct")
Cc: Himanshu Madhani <hmadhani@marvell.com>
Cc: Quinn Tran <qutran@marvell.com>
Cc: Martin Wilck <mwilck@suse.com>
Cc: Daniel Wagner <dwagner@suse.de>
Cc: Roman Bolshakov <r.bolshakov@yadro.com>
Link: https://lore.kernel.org/r/20200118042056.32232-1-bvanassche@acm.org
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Bart Van Assche and committed by
Martin K. Petersen
17c5f65d 6ca67a8e

+8 -9
+8 -9
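--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -5108,7 +5108,7 @@
 rval = qla2x00_get_id_list(vha, ha->gid_list, ha->gid_list_dma,
 &entries);
 if (rval != QLA_SUCCESS)
-goto cleanup_allocation;
+goto err;
 
 ql_dbg(ql_dbg_disc, vha, 0x2011,
 "Entries in ID list (%d).\n", entries);
@@ -5138,7 +5138,7 @@
 ql_log(ql_log_warn, vha, 0x2012,
 "Memory allocation failed for fcport.\n");
 rval = QLA_MEMORY_ALLOC_FAILED;
-goto cleanup_allocation;
+goto err;
 }
 new_fcport->flags &= ~FCF_FABRIC_DEVICE;
 
@@ -5228,7 +5228,7 @@
 ql_log(ql_log_warn, vha, 0xd031,
 "Failed to allocate memory for fcport.\n");
 rval = QLA_MEMORY_ALLOC_FAILED;
-goto cleanup_allocation;
+goto err;
 }
 spin_lock_irqsave(&vha->hw->tgt.sess_lock, flags);
 new_fcport->flags &= ~FCF_FABRIC_DEVICE;
@@ -5271,15 +5271,14 @@
 qla24xx_fcport_handle_login(vha, fcport);
 }
 
-cleanup_allocation:
 qla2x00_free_fcport(new_fcport);
 
-if (rval != QLA_SUCCESS) {
-ql_dbg(ql_dbg_disc, vha, 0x2098,
-"Configure local loop error exit: rval=%x.\n", rval);
-}
+return rval;
 
-return (rval);
+err:
+ql_dbg(ql_dbg_disc, vha, 0x2098,
+"Configure local loop error exit: rval=%x.\n", rval);
+return rval;
 }
 
 static void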
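Review bot: The split into a fall-through exit and an `err:` exit rests on an ownership invariant that is written down nowhere: every `goto err` must be taken while `new_fcport` is NULL or not yet allocated, and `qla2x00_free_fcport(new_fcport);` must be reached only with a valid pointer, since the Coverity report quoted in the description says that helper dereferences its argument. The three jump sites visible here respect that (one after the failed `qla2x00_get_id_list()` call, two directly after a failed allocation), but the loop body between the hunks is not shown, so a later `goto err` taken while `new_fcport` is live would leak it without any warning. I would record the rule at the label, for example `/* Only reached with new_fcport == NULL or unallocated; nothing to free. */` above `err:`, or make the free helper tolerate NULL so one cleanup label stays safe. Separately, the 0x2098 debug message is now printed only on the `goto err` paths, whereas the old code logged any non-success `rval` at exit; if the unseen loop can leave `rval` set to a failure code without jumping, that exit is now silent, which cannot be confirmed from these hunks.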