review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Justin Tee <justin.tee@broadcom.com>
	Mon, 17 Apr 2023 19:15:53 +0000 (12:15 -0700)
committer	Martin K. Petersen <martin.petersen@oracle.com>
	Mon, 8 May 2023 11:16:04 +0000 (07:16 -0400)
commit	97f975823f8196d970bd795087b514271214677a
tree	059c2c4efb0dea93f64e1704d7e024697d555bff	tree \| snapshot
parent	84c868a702f520a75af8a6f0bf8084135e09c510	commit \| diff

scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used()

Smatch detected a double free path because lpfc_nlp_not_used() releases an
ndlp object before reaching lpfc_nlp_put() at the end of
lpfc_cmpl_els_logo_acc().

Remove the outdated lpfc_nlp_not_used() routine.  In
lpfc_mbx_cmpl_ns_reg_login(), replace the call with lpfc_nlp_put().  In
lpfc_cmpl_els_logo_acc(), replace the call with lpfc_unreg_rpi() and keep
the lpfc_nlp_put() at the end of the routine.  If ndlp's rpi was
registered, then lpfc_unreg_rpi()'s completion routine performs the final
ndlp clean up after lpfc_nlp_put() is called from lpfc_cmpl_els_logo_acc().
Otherwise if ndlp has no rpi registered, the lpfc_nlp_put() at the end of
lpfc_cmpl_els_logo_acc() is the final ndlp clean up.

Fixes: 4430f7fd09ec ("scsi: lpfc: Rework locations of ndlp reference taking")
Cc: <stable@vger.kernel.org> # v5.11+
Reported-by: Dan Carpenter <error27@gmail.com>
Link: https://lore.kernel.org/all/Y3OefhyyJNKH%2Fiaf@kili/
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20230417191558.83100-3-justintee8345@gmail.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

drivers/scsi/lpfc/lpfc_crtn.h		diff \| blob \| history
drivers/scsi/lpfc/lpfc_els.c		diff \| blob \| history
drivers/scsi/lpfc/lpfc_hbadisc.c		diff \| blob \| history