From: Joy Gu jgu@purestorage.com
stable inclusion from stable-v5.10.76 commit 96f0aebf29be25254fa585af43924e34aa21fd9a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RB0N CVE: CVE-2021-47473
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
---------------------------
[ Upstream commit 7fb223d0ad801f633c78cbe42b1d1b55f5d163ad ]
Commit 8c0eb596baa5 ("[SCSI] qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()"), intended to change:
bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN
to:
bsg_job->request->msgcode != FC_BSG_RPT_ELS
but changed it to:
bsg_job->request->msgcode == FC_BSG_RPT_ELS
instead.
Change the == to a != to avoid leaking the fcport structure or freeing unallocated memory.
Link: https://lore.kernel.org/r/20211012191834.90306-2-jgu@purestorage.com Fixes: 8c0eb596baa5 ("[SCSI] qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()") Reviewed-by: Bart Van Assche bvanassche@acm.org Signed-off-by: Joy Gu jgu@purestorage.com Signed-off-by: Martin K. Petersen martin.petersen@oracle.com Signed-off-by: Sasha Levin sashal@kernel.org Conflicts: drivers/scsi/qla2xxx/qla_bsg.c [Some prev patch is not merged, but is not relevant to the bugfix] Signed-off-by: Hui Tang tanghui20@huawei.com --- drivers/scsi/qla2xxx/qla_bsg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qla2xxx/qla_bsg.c b/drivers/scsi/qla2xxx/qla_bsg.c index 47f062e96e62..5a56b8af8d2b 100644 --- a/drivers/scsi/qla2xxx/qla_bsg.c +++ b/drivers/scsi/qla2xxx/qla_bsg.c @@ -409,7 +409,7 @@ qla2x00_process_els(struct bsg_job *bsg_job) goto done_free_fcport;
done_free_fcport: - if (bsg_request->msgcode == FC_BSG_RPT_ELS) + if (bsg_request->msgcode != FC_BSG_RPT_ELS) kfree(fcport); done: return rval;