drivers/scsi/qla2xxx/qla_iocb.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-)
When dma_alloc_coherent() or qla2x00_start_sp() return an error,
the callback function qla2x00_els_dcmd_sp_free in qla2x00_sp_release
will call qla2x00_free_fcport() to kfree fcport. We shouldn't call
qla2x00_free_fcport() again in the error handling path.
Fix this by cleaning up the redundant qla2x00_free_fcport() and
replacing error handling with a goto chain.
Fixes: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of fcport")
Signed-off-by: Yongzhi Liu <hyperlyzcs@gmail.com>
---
drivers/scsi/qla2xxx/qla_iocb.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index 0b41e8a06602..7b6a1db55672 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2749,10 +2749,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
GFP_KERNEL);
if (!elsio->u.els_logo.els_logo_pyld) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto free_sp;
}
memset(&logo_pyld, 0, sizeof(struct els_logo_payload));
@@ -2774,10 +2772,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
rval = qla2x00_start_sp(sp);
if (rval != QLA_SUCCESS) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto free_sp;
}
ql_dbg(ql_dbg_io, vha, 0x3074,
@@ -2787,6 +2783,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
wait_for_completion(&elsio->u.els_logo.comp);
+free_sp:
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
return rval;
--
2.36.1…> Fix this by cleaning up the redundant qla2x00_free_fcport() and > replacing error handling with a goto chain. I imagine that there can be a need to provide the desired software adjustment as a patch series with two separate update steps. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.9-rc5#n81 * Deletion of inappropriate function calls * Optimisation of exception handling How do you think about to refer to the affected function (instead of the hint “error handling path”) in the summary phrase? Regards, Markus
When dma_alloc_coherent() or qla2x00_start_sp() return an error,
the callback function qla2x00_els_dcmd_sp_free in qla2x00_sp_release
will call qla2x00_free_fcport() to kfree fcport. We shouldn't call
qla2x00_free_fcport() again in the error handling path.
Fix this by cleaning the duplicate qla2x00_free_fcport() calls up.
Fixes: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of fcport")
Signed-off-by: Yongzhi Liu <hyperlyzcs@gmail.com>
---
V2 -> V3: Improve patch summary and provide a patch serises with two separate update steps
V1 -> V2: Optimisation of exception handling
drivers/scsi/qla2xxx/qla_iocb.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index 0b41e8a06602..faec66bd1951 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2751,7 +2751,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
if (!elsio->u.els_logo.els_logo_pyld) {
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
return QLA_FUNCTION_FAILED;
}
@@ -2776,7 +2775,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
if (rval != QLA_SUCCESS) {
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
return QLA_FUNCTION_FAILED;
}
--
2.36.1* I would usually expect a corresponding cover letter for patch series.
* Would you like to add parentheses to the function name in the summary phrase?
> When dma_alloc_coherent() or qla2x00_start_sp() return an error,
call returned?
> the callback function qla2x00_els_dcmd_sp_free in qla2x00_sp_release
> will call qla2x00_free_fcport() to kfree fcport. We shouldn't call
free “fcport”?
> qla2x00_free_fcport() again in the error handling path.
paths?
> Fix this by cleaning the duplicate qla2x00_free_fcport() calls up.
Would the wording “Thus delete duplicate qla2x00_free_fcport() calls.” be a bit nicer?
…
> ---
> V2 -> V3: Improve patch summary and provide a patch serises with two separate update steps
…
* How do you think about to avoid the repetition of version identifiers
(according to the selected enumeration style)?
* You would probably like to avoid another typo here.
Regards,
Markus
To avoid duplicate error handling code a bit more, use more common goto
chain in qla24xx_els_dcmd_iocb.
Signed-off-by: Yongzhi Liu <hyperlyzcs@gmail.com>
---
V2 -> V3: Improve patch summary and provide a patch serises with two separate update steps
V1 -> V2: Optimisation of exception handling
drivers/scsi/qla2xxx/qla_iocb.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index faec66bd1951..a3a3904cbb47 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2749,9 +2749,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
GFP_KERNEL);
if (!elsio->u.els_logo.els_logo_pyld) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto put_ref;
}
memset(&logo_pyld, 0, sizeof(struct els_logo_payload));
@@ -2773,9 +2772,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
rval = qla2x00_start_sp(sp);
if (rval != QLA_SUCCESS) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto put_ref;
}
ql_dbg(ql_dbg_io, vha, 0x3074,
@@ -2784,7 +2782,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
fcport->d_id.b.area, fcport->d_id.b.al_pa);
wait_for_completion(&elsio->u.els_logo.comp);
-
+put_ref:
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
return rval;
--
2.36.1Would you like to use the summary phrase “Use common error handling code in qla24xx_els_dcmd_iocb()”? > To avoid duplicate error handling code a bit more, use more common goto > chain in qla24xx_els_dcmd_iocb. How do you think about the following wording? Add a jump target so that a bit of exception handling can be better reused at the end of this function implementation. Can the tag “Suggested-by” be helpful for an improved change description? https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.9-rc6#n586 Regards, Markus
Hi maintainers, This patch series includes two patches that address a double free bug in the driver scsi/qla2xxx, and optimize error handling code in the qla24xx_els_dcmd_iocb(). Patch 1/2: Fix double free of fcport in qla24xx_els_dcmd_iocb() Patch 2/2: Use common error handling code in qla24xx_els_dcmd_iocb() The changelog for the patch series is as follows. V3 -> V4: Improve patch summary and description V2 -> V3: Improve patch summary and provide a patch serises with two separate update steps V1 -> V2: Optimisation of exception handling Please review and let me know if you have any questions or concerns. Best regards, Yongzhi Liu drivers/scsi/qla2xxx/qla_iocb.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) -- 2.36.1
When dma_alloc_coherent() or qla2x00_start_sp() returned an error,
the callback function qla2x00_els_dcmd_sp_free in qla2x00_sp_release
called qla2x00_free_fcport() to free "fcport". We shouldn't call
qla2x00_free_fcport() again in the error handling paths, and thus
delete the duplicate qla2x00_free_fcport() calls.
Fixes: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of fcport")
Signed-off-by: Yongzhi Liu <hyperlyzcs@gmail.com>
---
drivers/scsi/qla2xxx/qla_iocb.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index 0b41e8a06602..faec66bd1951 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2751,7 +2751,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
if (!elsio->u.els_logo.els_logo_pyld) {
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
return QLA_FUNCTION_FAILED;
}
@@ -2776,7 +2775,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
if (rval != QLA_SUCCESS) {
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
- qla2x00_free_fcport(fcport);
return QLA_FUNCTION_FAILED;
}
--
2.36.1Add a jump target so that a bit of exception handling can be better reused
at the end of this function implementation.
Signed-off-by: Yongzhi Liu <hyperlyzcs@gmail.com>
Suggested-by: Markus Elfring <Markus.Elfring@web.de>
---
drivers/scsi/qla2xxx/qla_iocb.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index faec66bd1951..a3a3904cbb47 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2749,9 +2749,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
GFP_KERNEL);
if (!elsio->u.els_logo.els_logo_pyld) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto put_ref;
}
memset(&logo_pyld, 0, sizeof(struct els_logo_payload));
@@ -2773,9 +2772,8 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
rval = qla2x00_start_sp(sp);
if (rval != QLA_SUCCESS) {
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
- return QLA_FUNCTION_FAILED;
+ rval = QLA_FUNCTION_FAILED;
+ goto put_ref;
}
ql_dbg(ql_dbg_io, vha, 0x3074,
@@ -2784,7 +2782,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode,
fcport->d_id.b.area, fcport->d_id.b.al_pa);
wait_for_completion(&elsio->u.els_logo.comp);
-
+put_ref:
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
return rval;
--
2.36.1… > Fix this by cleaning up the redundant qla2x00_free_fcport() and > replacing error handling with a goto chain. … Can the following wording approach be a bit nicer? Thus clean duplicate qla2x00_free_fcport() calls up and use more common error handling code instead. > --- > drivers/scsi/qla2xxx/qla_iocb.c | 13 +++++-------- … Unfortunately, you overlooked to add a patch version description behind the marker line. See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.9-rc5#n713 … > +++ b/drivers/scsi/qla2xxx/qla_iocb.c … > @@ -2787,6 +2783,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int els_opcode, > > wait_for_completion(&elsio->u.els_logo.comp); > > +free_sp: * I suggest to omit a blank line here. * How do you think about to use the label “put_ref”? > /* ref: INIT */ > kref_put(&sp->cmd_kref, qla2x00_sp_release); > return rval; Regards, Markus
© 2016 - 2025 Red Hat, Inc.