Skip to content

Commit 388a499

Browse files
bkstratusmartinkpetersen
bkstratus
authored and
martinkpetersen
committed
scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd
In qla2x00_async_tm_cmd, we reference off sp after it has been freed. This caused a panic on a system running a slub debug kernel. Since fcport is passed in anyways, just use that instead. Signed-off-by: Bill Kuzeja <william.kuzeja@stratus.com> Acked-by: Giridhar Malavali <gmalavali@marvell.com> Acked-by: Himanshu Madhani <hmadhani@marvell.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
1 parent e4a0569 commit 388a499

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

drivers/scsi/qla2xxx/qla_init.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1785,13 +1785,13 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint32_t lun,
17851785

17861786
/* Issue Marker IOCB */
17871787
qla2x00_marker(vha, vha->hw->req_q_map[0],
1788-
vha->hw->rsp_q_map[0], sp->fcport->loop_id, lun,
1788+
vha->hw->rsp_q_map[0], fcport->loop_id, lun,
17891789
flags == TCF_LUN_RESET ? MK_SYNC_ID_LUN : MK_SYNC_ID);
17901790
}
17911791

17921792
done_free_sp:
17931793
sp->free(sp);
1794-
sp->fcport->flags &= ~FCF_ASYNC_SENT;
1794+
fcport->flags &= ~FCF_ASYNC_SENT;
17951795
done:
17961796
return rval;
17971797
}

0 commit comments

Comments
 (0)