diff mbox series

scsi: target: pscsi: fix bio_put for error case

Message ID 20240214144356.101814-1-naohiro.aota@wdc.com (mailing list archive)
State Accepted
Commit de959094eb2197636f7c803af0943cb9d3b35804
Headers show
Series scsi: target: pscsi: fix bio_put for error case | expand

Commit Message

Naohiro Aota Feb. 14, 2024, 2:43 p.m. UTC 
As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc
wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit()
and kfree(). That is not done properly for the error case, hitting WARN and
NULL pointer dereference in bio_free().

Fixes: 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc wrapper")
CC: stable@vger.kernel.org # 6.1+
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
---
 drivers/target/target_core_pscsi.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Comments

Christoph Hellwig Feb. 15, 2024, 5:24 a.m. UTC | #1 
On Wed, Feb 14, 2024 at 11:43:56PM +0900, Naohiro Aota wrote:
> As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc
> wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit()
> and kfree(). That is not done properly for the error case, hitting WARN and
> NULL pointer dereference in bio_free().
> 
> Fixes: 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc wrapper")
> CC: stable@vger.kernel.org # 6.1+
> Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>

Looks good:

Reviewed-by: Christoph Hellwig <hch@lst.de>
Johannes Thumshirn Feb. 15, 2024, 11:33 a.m. UTC | #2 
Looks good,
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Martin K. Petersen Feb. 15, 2024, 8:39 p.m. UTC | #3 
On Wed, 14 Feb 2024 23:43:56 +0900, Naohiro Aota wrote:

> As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc
> wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit()
> and kfree(). That is not done properly for the error case, hitting WARN and
> NULL pointer dereference in bio_free().
> 
> 

Applied to 6.8/scsi-fixes, thanks!

[1/1] scsi: target: pscsi: fix bio_put for error case
      https://git.kernel.org/mkp/scsi/c/de959094eb21
diff mbox series

Patch

diff --git a/drivers/target/target_core_pscsi.c b/drivers/target/target_core_pscsi.c
index 41b7489d37ce..ed4fd22eac6e 100644
--- a/drivers/target/target_core_pscsi.c
+++ b/drivers/target/target_core_pscsi.c
@@ -907,12 +907,15 @@  pscsi_map_sg(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents,
 
 	return 0;
 fail:
-	if (bio)
-		bio_put(bio);
+	if (bio) {
+		bio_uninit(bio);
+		kfree(bio);
+	}
 	while (req->bio) {
 		bio = req->bio;
 		req->bio = bio->bi_next;
-		bio_put(bio);
+		bio_uninit(bio);
+		kfree(bio);
 	}
 	req->biotail = NULL;
 	return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;