Commit 4f419fd2 authored by Javed Hasan's avatar Javed Hasan Committed by Greg Kroah-Hartman

scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases

[ Upstream commit ec007ef4 ]

In fc_disc_gpn_id_resp(), skb is supposed to get freed in all cases except
for PTR_ERR. However, in some cases it didn't.

This fix is to call fc_frame_free(fp) before function returns.

Link: https://lore.kernel.org/r/20200729081824.30996-2-jhasan@marvell.comReviewed-by: default avatarGirish Basrur <gbasrur@marvell.com>
Reviewed-by: default avatarSantosh Vernekar <svernekar@marvell.com>
Reviewed-by: default avatarSaurav Kashyap <skashyap@marvell.com>
Reviewed-by: default avatarShyam Sundar <ssundar@marvell.com>
Signed-off-by: default avatarJaved Hasan <jhasan@marvell.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 62646cb9
......@@ -593,8 +593,12 @@ static void fc_disc_gpn_id_resp(struct fc_seq *sp, struct fc_frame *fp,
if (PTR_ERR(fp) == -FC_EX_CLOSED)
goto out;
if (IS_ERR(fp))
goto redisc;
if (IS_ERR(fp)) {
mutex_lock(&disc->disc_mutex);
fc_disc_restart(disc);
mutex_unlock(&disc->disc_mutex);
goto out;
}
cp = fc_frame_payload_get(fp, sizeof(*cp));
if (!cp)
......@@ -621,7 +625,7 @@ static void fc_disc_gpn_id_resp(struct fc_seq *sp, struct fc_frame *fp,
new_rdata->disc_id = disc->disc_id;
fc_rport_login(new_rdata);
}
goto out;
goto free_fp;
}
rdata->disc_id = disc->disc_id;
mutex_unlock(&rdata->rp_mutex);
......@@ -638,6 +642,8 @@ static void fc_disc_gpn_id_resp(struct fc_seq *sp, struct fc_frame *fp,
fc_disc_restart(disc);
mutex_unlock(&disc->disc_mutex);
}
free_fp:
fc_frame_free(fp);
out:
kref_put(&rdata->kref, fc_rport_destroy);
if (!IS_ERR(fp))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment