scsi: be2iscsi: revert "Fix a theoretical leak in beiscsi_create_eqs()"

Message ID X8jXkt6eThjyVP1v@mwanda (mailing list archive)
State Accepted

Commit Message

Dan Carpenter Dec. 3, 2020, 12:18 p.m. UTC
My patch caused kernel Oopses and delays in boot.  Revert it.

The problem was that I moved the "mem->dma = paddr;" before the call to
be_fill_queue().  But the first thing that the be_fill_queue() function
does is memset the whole struct to zero which overwrites the assignment.

Fixes: 38b2db564d9a ("scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()")
Reported-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
My original patch was basically a clean up patch and to try silence a
static checker warning.  I've already updated the static checker to not
warn about impossible leaks and in this case we know that be_fill_queue()
cannot fail.

I was tempted to delete the "mem->va = eq_vaddress;" assignment as a
clean up but I didn't.  :P

 drivers/scsi/be2iscsi/be_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Greg KH Dec. 3, 2020, 6:25 p.m. UTC | #1
On Thu, Dec 03, 2020 at 03:18:26PM +0300, Dan Carpenter wrote:
> My patch caused kernel Oopses and delays in boot.  Revert it.
> 
> The problem was that I moved the "mem->dma = paddr;" before the call to
> be_fill_queue().  But the first thing that the be_fill_queue() function
> does is memset the whole struct to zero which overwrites the assignment.
> 
> Fixes: 38b2db564d9a ("scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()")
> Reported-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Can someone please add:
	Cc: stable <stable@vger.kernel.org>
to this so we know to pick it up quickly there?

thanks,

greg k-h

Martin K. Petersen Dec. 3, 2020, 8:45 p.m. UTC | #2
On Thu, 3 Dec 2020 15:18:26 +0300, Dan Carpenter wrote:

> My patch caused kernel Oopses and delays in boot.  Revert it.
> 
> The problem was that I moved the "mem->dma = paddr;" before the call to
> be_fill_queue().  But the first thing that the be_fill_queue() function
> does is memset the whole struct to zero which overwrites the assignment.

Added Cc: stable and applied to 5.10/scsi-fixes, thanks!

[1/1] scsi: be2iscsi: revert "Fix a theoretical leak in beiscsi_create_eqs()"
      https://git.kernel.org/mkp/scsi/c/eeaf06af6f87

Patch

diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c
index 50e464224d47..90fcddb76f46 100644
--- a/drivers/scsi/be2iscsi/be_main.c
+++ b/drivers/scsi/be2iscsi/be_main.c
@@ -3020,7 +3020,6 @@  static int beiscsi_create_eqs(struct beiscsi_hba *phba,
 			goto create_eq_error;
 		}
 
-		mem->dma = paddr;
 		mem->va = eq_vaddress;
 		ret = be_fill_queue(eq, phba->params.num_eq_entries,
 				    sizeof(struct be_eq_entry), eq_vaddress);
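
Review bot: The "mem->va = eq_vaddress;" store that stays in place ahead of be_fill_queue() has the same ordering problem as the line removed here. The commit message says be_fill_queue() starts by zeroing the whole struct, so this assignment is overwritten as well, and the CQ hunk later in this patch has no equivalent store before its be_fill_queue() call. Dropping it in a follow-up, or adding a one-line comment that it is redundant, would stop it from being read as proof that fields can safely be set before the call.
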
@@ -3030,6 +3029,7 @@  static int beiscsi_create_eqs(struct beiscsi_hba *phba,
 			goto create_eq_error;
 		}
 
+		mem->dma = paddr;
 		ret = beiscsi_cmd_eq_create(&phba->ctrl, eq,
 					    BEISCSI_EQ_DELAY_DEF);
 		if (ret) {
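
Review bot: Nothing at the re-added "mem->dma = paddr;" says that its position after be_fill_queue() is required. The change being reverted moved exactly this line as a cleanup, and per the commit message that left mem->dma zeroed by the time beiscsi_cmd_eq_create() ran. A short comment above the assignment stating that be_fill_queue() clears the struct, so dma must be set afterwards, would keep the next cleanup from repeating the regression.
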
@@ -3086,7 +3086,6 @@  static int beiscsi_create_cqs(struct beiscsi_hba *phba,
 			goto create_cq_error;
 		}
 
-		mem->dma = paddr;
 		ret = be_fill_queue(cq, phba->params.num_cq_entries,
 				    sizeof(struct sol_cqe), cq_vaddress);
 		if (ret) {
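
Review bot: This hunk changes beiscsi_create_cqs(), but the subject line and commit message only name beiscsi_create_eqs(). Mentioning in the changelog that the CQ path had the same reordering and is restored too would help anyone checking a stable backport confirm that both functions were covered.
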
@@ -3096,6 +3095,7 @@  static int beiscsi_create_cqs(struct beiscsi_hba *phba,
 			goto create_cq_error;
 		}
 
+		mem->dma = paddr;
 		ret = beiscsi_cmd_cq_create(&phba->ctrl, cq, eq, false,
 					    false, 0);
 		if (ret) {
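
Review bot: With "mem->dma = paddr;" placed after the be_fill_queue() error branch, the "goto create_cq_error" just above it is taken with mem->dma still unset. The only justification is the statement that be_fill_queue() cannot fail, and that sits below the "---" line, so it will not be recorded in git history. Moving that sentence into the commit message proper, or into a comment at the "if (ret)" check, would document why the error branch is safe as written.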