| Message ID | 20210608145712.16386-1-thenzl@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | [V2] mpi3mr: fix a double free | expand |
Tomas, > Fix a double free, scsi_tgt_priv_data will be freed in > mpi3mr_target_destroy so remove the kfree from mpi3mr_target_alloc. > I've also removed few unneeded initialisations. Applied to 5.14/scsi-staging, thanks! -- Martin K. Petersen Oracle Linux Engineering
On Tue, 8 Jun 2021 16:57:12 +0200, Tomas Henzl wrote: > Fix a double free, scsi_tgt_priv_data will be freed > in mpi3mr_target_destroy so remove the kfree from > mpi3mr_target_alloc. > I've also removed few unneeded initialisations. Applied to 5.14/scsi-queue, thanks! [1/1] mpi3mr: fix a double free https://git.kernel.org/mkp/scsi/c/d3d61f9c8c2d -- Martin K. Petersen Oracle Linux Engineering
diff --git a/drivers/scsi/mpi3mr/mpi3mr_os.c b/drivers/scsi/mpi3mr/mpi3mr_os.c index a54aa009ec5a..29d43235b525 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_os.c +++ b/drivers/scsi/mpi3mr/mpi3mr_os.c @@ -3294,13 +3294,10 @@ static int mpi3mr_target_alloc(struct scsi_target *starget) return -ENOMEM; starget->hostdata = scsi_tgt_priv_data; - scsi_tgt_priv_data->starget = starget; - scsi_tgt_priv_data->dev_handle = MPI3MR_INVALID_DEV_HANDLE; spin_lock_irqsave(&mrioc->tgtdev_lock, flags); tgt_dev = __mpi3mr_get_tgtdev_by_perst_id(mrioc, starget->id); if (tgt_dev && !tgt_dev->is_hidden) { - starget->hostdata = scsi_tgt_priv_data; scsi_tgt_priv_data->starget = starget; scsi_tgt_priv_data->dev_handle = tgt_dev->dev_handle; scsi_tgt_priv_data->perst_id = tgt_dev->perst_id; @@ -3309,10 +3306,8 @@ static int mpi3mr_target_alloc(struct scsi_target *starget) tgt_dev->starget = starget; atomic_set(&scsi_tgt_priv_data->block_io, 0); retval = 0; - } else { - kfree(scsi_tgt_priv_data); + } else retval = -ENXIO; - } spin_unlock_irqrestore(&mrioc->tgtdev_lock, flags); return retval;
Fix a double free, scsi_tgt_priv_data will be freed in mpi3mr_target_destroy so remove the kfree from mpi3mr_target_alloc. I've also removed few unneeded initialisations. Signed-off-by: Tomas Henzl <thenzl@redhat.com> --- V2: removed init of scsi_tgt_priv_data->starget = starget and scsi_tgt_priv_data->dev_handle = MPI3MR_INVALID_DEV_HANDLE suggested by Kashyap drivers/scsi/mpi3mr/mpi3mr_os.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-)