-
James Smart authored
The axchg structure is a structure allocated early in the lpfc_nvme_unsol_ls_handler() to represent the newly received exchange. Upon error, the out_fail path in the routine unconditionally frees the pointer, yet subsequently passes the pointer to the abort routine. Additionally, the abort routine, lpfc_nvme_unsol_ls_issue_abort(), also has a failure path that will attempt to delete the pointer on error. Fix these errors by: - Removing the unconditional free so that it stays valid if passed to the abort routine. - Revise the abort routine to not free the pointer. Instead, return a success/failure status. Note: if success, the later completion of the abort frees the structure. - Back in the unsol_ls_handler() error path, if the abort routine was skipped (thus no possible reference) or the abort routine returned error, free the pointer. Fixes: 3a8070c5 ("lpfc: Refactor NVME LS receive handling") Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Dick Kennedy <dick.kennedy@broadcom.com> Signed-off-by:
James Smart <jsmart2021@gmail.com> Reviewed-by:
Christoph Hellwig <hch@lst.de>
4e57e0b9
