From patchwork Wed Sep 23 13:32:32 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
X-Patchwork-Id: 7249761
Return-Path: <linux-scsi-owner@kernel.org>
X-Original-To: patchwork-linux-scsi@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 1F04E9F32B
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Wed, 23 Sep 2015 13:33:05 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 22CB820AEE
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Wed, 23 Sep 2015 13:33:04 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id AC2F020AE3
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Wed, 23 Sep 2015 13:32:59 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755119AbbIWNcl (ORCPT
	<rfc822;patchwork-linux-scsi@patchwork.kernel.org>);
	Wed, 23 Sep 2015 09:32:41 -0400
Received: from mail-pa0-f53.google.com ([209.85.220.53]:33964 "EHLO
	mail-pa0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1755116AbbIWNck (ORCPT
	<rfc822; linux-scsi@vger.kernel.org>); Wed, 23 Sep 2015 09:32:40 -0400
Received: by padhy16 with SMTP id hy16so41037913pad.1;
	Wed, 23 Sep 2015 06:32:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=1R5fMQnPcpieBse6x5FWvRspFLTfmRvL9DcH2G5NLoc=;
	b=yCOtVnD15FjNA3wqlQbaQ5q6N07zYC+t6Rjd3ABeErNpwMSvM1dLaMLY+urOg+/z+M
	w0WjRv0XqdrD/pXzqgX+pcVb8jvRWa5Gvg7kvwnGYbPRv1vmWUaEA/DLKvlp9Ub0OM4g
	yfkHt4GbLvEP6zNs92Y7R/29t4fWecS8yFL9qgFktAUG2ya/E4M5mU0IAgVkzUqnKYXl
	wcroFYRFBt70sN01P+kOyqi9/selHiMjR+Lj+i0KiROp6/9gthWV9l1apbzeN9bd6ybG
	o9Fx1GrIfauUPUR/FlKZywxGMQwOD3QO7MkDAId+pHj07Xso2uWpZ9sbIsxP0lEHslcy
	uWlA==
X-Received: by 10.66.163.136 with SMTP id yi8mr37817806pab.124.1443015160241;
	Wed, 23 Sep 2015 06:32:40 -0700 (PDT)
Received: from localhost.localdomain ([49.206.240.178])
	by smtp.gmail.com with ESMTPSA id
	jw6sm8074435pbb.86.2015.09.23.06.32.37
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Wed, 23 Sep 2015 06:32:39 -0700 (PDT)
From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
To: James Smart <james.smart@avagotech.com>,
	Dick Kennedy <dick.kennedy@avagotech.com>,
	"James E.J. Bottomley" <JBottomley@odin.com>
Cc: linux-kernel@vger.kernel.org, linux-scsi@vger.kernel.org,
	Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Subject: [PATCH] lpfc: fix memory leak and NULL dereference
Date: Wed, 23 Sep 2015 19:02:32 +0530
Message-Id: <1443015152-12301-1-git-send-email-sudipm.mukherjee@gmail.com>
X-Mailer: git-send-email 1.9.1
Sender: linux-scsi-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-scsi.vger.kernel.org>
X-Mailing-List: linux-scsi@vger.kernel.org
X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

kmalloc() can return NULL and without checking we were dereferencing it.
Moreover if kmalloc succeeds but the function fails in other parts then
we were returning the error code but we missed freeing lcb_context.
While at it fixed one related checkpatch warning.

Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Reviewed-by: James Smart <james.smart@avagotech.com>
---

I am not exactly sure if LSRJT_UNABLE_TPC is the right error code here.
But that was my best guess.

 drivers/scsi/lpfc/lpfc_els.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 36bf58b..a27efd9 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -5209,7 +5209,6 @@ lpfc_els_rcv_lcb(struct lpfc_vport *vport, struct lpfc_iocbq *cmdiocb,
 		rjt_err = LSRJT_CMD_UNSUPPORTED;
 		goto rjt;
 	}
-	lcb_context = kmalloc(sizeof(struct lpfc_lcb_context), GFP_KERNEL);
 
 	if (phba->hba_flag & HBA_FCOE_MODE) {
 		rjt_err = LSRJT_CMD_UNSUPPORTED;
@@ -5240,6 +5239,12 @@ lpfc_els_rcv_lcb(struct lpfc_vport *vport, struct lpfc_iocbq *cmdiocb,
 		goto rjt;
 	}
 
+	lcb_context = kmalloc(sizeof(*lcb_context), GFP_KERNEL);
+	if (!lcb_context) {
+		rjt_err = LSRJT_UNABLE_TPC;
+		goto rjt;
+	}
+
 	state = (beacon->lcb_sub_command == LPFC_LCB_ON) ? 1 : 0;
 	lcb_context->sub_command = beacon->lcb_sub_command;
 	lcb_context->type = beacon->lcb_type;
@@ -5250,6 +5255,7 @@ lpfc_els_rcv_lcb(struct lpfc_vport *vport, struct lpfc_iocbq *cmdiocb,
 	if (lpfc_sli4_set_beacon(vport, lcb_context, state)) {
 		lpfc_printf_vlog(ndlp->vport, KERN_ERR,
 				 LOG_ELS, "0193 failed to send mail box");
+		kfree(lcb_context);
 		lpfc_nlp_put(ndlp);
 		rjt_err = LSRJT_UNABLE_TPC;
 		goto rjt;