From f308a35f547cd7c1d8a901c12b3ac508e96df665 Mon Sep 17 00:00:00 2001 From: Ye Bin Date: Mon, 24 Aug 2020 11:34:36 +0800 Subject: scsi: qedf: Fix null ptr reference in qedf_stag_change_work Link: https://lore.kernel.org/r/20200824033436.45570-1-yebin10@huawei.com Acked-by: Saurav Kashyap Signed-off-by: Ye Bin Signed-off-by: Martin K. Petersen --- drivers/scsi/qedf/qedf_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/scsi') diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c index 3f04f2c81366..5ca424df355c 100644 --- a/drivers/scsi/qedf/qedf_main.c +++ b/drivers/scsi/qedf/qedf_main.c @@ -3863,7 +3863,7 @@ void qedf_stag_change_work(struct work_struct *work) container_of(work, struct qedf_ctx, stag_work.work); if (!qedf) { - QEDF_ERR(&qedf->dbg_ctx, "qedf is NULL"); + QEDF_ERR(NULL, "qedf is NULL"); return; } QEDF_ERR(&qedf->dbg_ctx, "Performing software context reset.\n"); -- cgit v1.2.3-70-g09d2 From 38660389a7697ae6dd56edfac5d87754374f217a Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Mon, 24 Aug 2020 11:59:33 +0300 Subject: scsi: libcxgbi: Fix a use after free in cxgbi_conn_xmit_pdu() We accidentally move this logging printk after the free, but that leads to a use after free. Link: https://lore.kernel.org/r/20200824085933.GD208317@mwanda Fixes: e33c2482289b ("scsi: cxgb4i: Add support for iSCSI segmentation offload") Signed-off-by: Dan Carpenter Signed-off-by: Martin K. Petersen --- drivers/scsi/cxgbi/libcxgbi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/scsi') diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c index 71aebaf533ea..0e8621a6956d 100644 --- a/drivers/scsi/cxgbi/libcxgbi.c +++ b/drivers/scsi/cxgbi/libcxgbi.c @@ -2457,10 +2457,10 @@ int cxgbi_conn_xmit_pdu(struct iscsi_task *task) return err; } - __kfree_skb(skb); log_debug(1 << CXGBI_DBG_ISCSI | 1 << CXGBI_DBG_PDU_TX, "itt 0x%x, skb 0x%p, len %u/%u, xmit err %d.\n", task->itt, skb, skb->len, skb->data_len, err); + __kfree_skb(skb); iscsi_conn_printk(KERN_ERR, task->conn, "xmit err %d.\n", err); iscsi_conn_failure(task->conn, ISCSI_ERR_XMIT_FAILED); return err; -- cgit v1.2.3-70-g09d2 From 75d46c6d15efabc5176a5e2694ee236f02ee72ef Mon Sep 17 00:00:00 2001 From: Niklas Cassel Date: Fri, 21 Aug 2020 15:00:07 +0200 Subject: scsi: scsi_debug: Remove superfluous close zone in resp_open_zone() resp_open_zone() always calls zbc_open_zone() with parameter explicit set to true. If zbc_open_zone() is called with parameter explicit set to true, and the current zone state is implicit open, it will call zbc_close_zone() on the zone before proceeding. Therefore, there is no need for resp_open_zone() to call zbc_close_zone() on an implicitly open zone before calling zbc_open_zone(). Remove superfluous close zone in resp_open_zone(). Link: https://lore.kernel.org/r/20200821130007.39938-1-niklas.cassel@wdc.com Reviewed-by: Damien Le Moal Signed-off-by: Niklas Cassel Signed-off-by: Martin K. Petersen --- drivers/scsi/scsi_debug.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'drivers/scsi') diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c index 139f0073da37..1ad7260d4758 100644 --- a/drivers/scsi/scsi_debug.c +++ b/drivers/scsi/scsi_debug.c @@ -4482,8 +4482,6 @@ static int resp_open_zone(struct scsi_cmnd *scp, struct sdebug_dev_info *devip) goto fini; } - if (zc == ZC2_IMPLICIT_OPEN) - zbc_close_zone(devip, zsp); zbc_open_zone(devip, zsp, true); fini: write_unlock(macc_lckp); -- cgit v1.2.3-70-g09d2