WSL2-Linux-Kernel/drivers/scsi
Ben Hutchings 85449b28ff scsi: aacraid: Fix double-free on probe failure
[ Upstream commit 919ddf8336f0b84c0453bac583808c9f165a85c2 ]

aac_probe_one() calls hardware-specific init functions through the
aac_driver_ident::init pointer, all of which eventually call down to
aac_init_adapter().

If aac_init_adapter() fails after allocating memory for aac_dev::queues,
it frees the memory but does not clear that member.

After the hardware-specific init function returns an error,
aac_probe_one() goes down an error path that frees the memory pointed to
by aac_dev::queues, resulting.in a double-free.

Reported-by: Michael Gordon <m.gordon.zelenoborsky@gmail.com>
Link: https://bugs.debian.org/1075855
Fixes: 8e0c5ebde8 ("[SCSI] aacraid: Newer adapter communication iterface support")
Signed-off-by: Ben Hutchings <benh@debian.org>
Link: https://lore.kernel.org/r/ZsZvfqlQMveoL5KQ@decadent.org.uk
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-09-04 13:23:42 +02:00
..
aacraid scsi: aacraid: Fix double-free on probe failure 2024-09-04 13:23:42 +02:00
aic7xxx SCSI misc on 20210711 2021-07-11 10:59:53 -07:00
aic94xx scsi: aic94xx: Add missing check for dma_map_single() 2023-03-10 09:39:28 +01:00
arcmsr scsi: arcmsr: Support new PCI device IDs 1883 and 1886 2024-02-23 08:54:41 +01:00
arm scsi: acornscsi: Remove scsi_cmd_to_tag() reference 2021-10-04 21:54:18 -04:00
be2iscsi scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() 2023-12-13 18:36:41 +01:00
bfa scsi: bfa: Ensure the copied buf is NUL terminated 2024-06-16 13:39:24 +02:00
bnx2fc scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload 2024-05-17 11:50:52 +02:00
bnx2i scsi: iscsi: Fix session removal on shutdown 2022-08-17 14:23:45 +02:00
csiostor scsi: csiostor: Avoid function pointer casts 2024-03-26 18:21:33 -04:00
cxgbi scsi: iscsi: Rename iscsi_conn_queue_work() 2022-10-26 12:35:15 +02:00
cxlflash pci-v5.15-changes 2021-09-07 19:13:42 -07:00
device_handler scsi: core: alua: I/O errors for ALUA state transitions 2024-07-27 10:46:07 +02:00
dpt
elx scsi: elx: libefc: Fix second parameter type in state callbacks 2022-12-31 13:14:44 +01:00
esas2r Merge branch '5.14/scsi-result' into 5.14/scsi-staging 2021-06-02 01:37:04 -04:00
fcoe scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" 2024-02-23 08:55:05 +01:00
fnic scsi: fnic: Return error if vmalloc() failed 2024-01-25 14:52:37 -08:00
hisi_sas scsi: hisi_sas: Correct the number of global debugfs registers 2024-01-25 14:52:38 -08:00
ibmvscsi scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool 2023-11-28 16:56:18 +00:00
ibmvscsi_tgt scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 2022-04-20 09:34:15 +02:00
isci scsi: isci: Fix an error code problem in isci_io_request_build() 2024-02-23 08:54:52 +01:00
libfc scsi: libfc: Fix up timeout error in fc_fcp_rec_error() 2024-02-23 08:54:42 +01:00
libsas scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed 2024-07-27 10:46:13 +02:00
lpfc scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() 2024-09-04 13:23:24 +02:00
megaraid scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers 2023-11-28 16:56:27 +00:00
mpi3mr scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES 2024-08-19 05:45:44 +02:00
mpt3sas scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES 2024-08-19 05:45:39 +02:00
mvsas scsi: mvsas: Add PCI ID of RocketRaid 2640 2022-04-20 09:34:17 +02:00
pcmcia scsi: fdomain: Fix error return code in fdomain_probe() 2021-08-09 23:30:25 -04:00
pm8001 scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command 2023-10-06 13:18:17 +02:00
qedf scsi: qedf: Set qed_slowpath_params to zero before use 2024-07-27 10:46:07 +02:00
qedi scsi: qedi: Fix crash while reading debugfs attribute 2024-07-05 09:14:26 +02:00
qla2xxx scsi: qla2xxx: validate nvme_local_port correctly 2024-08-19 05:45:18 +02:00
qla4xxx scsi: qla4xxx: Add length check when parsing nlattrs 2023-09-19 12:22:45 +02:00
smartpqi scsi: smartpqi: Fix DMA direction for RAID requests 2022-08-17 14:23:51 +02:00
snic scsi: snic: Fix double free in snic_tgt_create() 2023-08-30 16:18:21 +02:00
sym53c8xx_2 scsi: sym53c8xx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request 2021-08-11 22:25:42 -04:00
ufs scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic 2024-08-19 05:45:44 +02:00
.gitignore
3w-9xxx.c scsi: 3w-9xxx: Avoid disabling device if failing to enable it 2022-10-26 12:35:46 +02:00
3w-9xxx.h scsi: 3w-9xxx: Fix endianness issues in command packets 2021-05-15 18:01:34 -04:00
3w-sas.c
3w-sas.h
3w-xxxx.c scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() 2023-07-23 13:47:11 +02:00
3w-xxxx.h
53c700.c scsi: 53c700: Check that command slot is not NULL 2023-08-16 18:22:03 +02:00
53c700.h treewide: remove editor modelines and cruft 2021-05-07 00:26:34 -07:00
53c700.scr
53c700_d.h_shipped
BusLogic.c scsi: BusLogic: Use %X for u32 sized integer rather than %lX 2021-08-01 13:27:46 -04:00
BusLogic.h scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic 2021-05-14 22:19:04 -04:00
FlashPoint.c Merge branch '5.14/scsi-result' into 5.14/scsi-staging 2021-06-02 01:37:04 -04:00
Kconfig scsi: jazz_esp: Only build if SCSI core is builtin 2024-03-01 13:21:58 +01:00
Makefile scsi: core: Fix missing FORCE for scsi_devinfo_tbl.c build rule 2021-08-23 23:07:05 -04:00
NCR5380.c scsi: NCR5380: Use sc_data_direction instead of rq_data_dir() 2021-08-11 22:25:38 -04:00
NCR5380.h
a100u2w.c
a100u2w.h
a2091.c
a2091.h
a3000.c
a3000.h
a4000t.c
advansys.c scsi: advansys: Fix kernel pointer leak 2021-11-25 09:48:27 +01:00
aha152x.c scsi: aha152x: Fix aha152x_setup() __setup handler return value 2022-04-13 20:59:07 +02:00
aha152x.h
aha1542.c scsi: aha1542: Use scsi_cmd_to_rq() instead of scsi_cmnd.request 2021-08-11 22:25:38 -04:00
aha1542.h
aha1740.c scsi: aha1740: Avoid over-read of sense buffer 2021-06-18 23:27:04 -04:00
aha1740.h
am53c974.c
atari_scsi.c
atp870u.c
atp870u.h
bvme6000_scsi.c
ch.c scsi: scsi_ioctl: Call scsi_cmd_ioctl() from scsi_ioctl() 2021-07-28 22:24:25 -04:00
constants.c scsi: core: Introduce enums for the SAM and host status codes 2021-06-02 23:09:39 -04:00
dc395x.c scsi: dc395x: Fix a missing check on list iterator 2022-06-09 10:23:22 +02:00
dc395x.h
dmx3191d.c
dpt_i2o.c scsi: dpt_i2o: Do not process completions with invalid addresses 2023-06-09 10:32:34 +02:00
dpti.h scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD) 2023-06-09 10:32:34 +02:00
esp_scsi.c scsi: core: Kill DRIVER_SENSE 2021-05-31 22:48:21 -04:00
esp_scsi.h
fdomain.c scsi: fdomain: Translate message to host byte status 2021-05-31 22:48:24 -04:00
fdomain.h
fdomain_isa.c
fdomain_pci.c
g_NCR5380.c
gvp11.c
gvp11.h
hosts.c scsi: core: Fix a use-after-free 2024-07-27 10:46:07 +02:00
hpsa.c scsi: hpsa: Fix allocation size for Scsi_Host private data 2024-06-16 13:39:21 +02:00
hpsa.h
hpsa_cmd.h
hptiop.c scsi: core: Do not use DRIVER_INVALID 2021-05-31 22:48:21 -04:00
hptiop.h
imm.c scsi: imm: Switch to use module_parport_driver() 2021-06-18 23:01:03 -04:00
imm.h
initio.c
initio.h
ipr.c scsi: ipr: Work around fortify-string warning 2023-03-11 13:57:31 +01:00
ipr.h scsi: ipr: System crashes when seeing type 20 error 2021-06-29 16:46:08 -04:00
ips.c scsi: ips: Use scsi_cmd_to_rq() instead of scsi_cmnd.request 2021-08-11 22:25:39 -04:00
ips.h treewide: remove editor modelines and cruft 2021-05-07 00:26:34 -07:00
iscsi_boot_sysfs.c
iscsi_tcp.c scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() 2023-04-13 16:48:24 +02:00
iscsi_tcp.h scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() 2022-10-26 12:35:16 +02:00
jazz_esp.c
lasi700.c parisc: Make struct parisc_driver::remove() return void 2021-08-30 10:18:25 +02:00
libiscsi.c scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress 2023-02-09 11:26:39 +01:00
libiscsi_tcp.c scsi: iscsi: Merge suspend fields 2022-04-27 14:38:56 +02:00
mac53c94.c
mac53c94.h
mac_esp.c
mac_scsi.c
megaraid.c scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS 2023-05-11 23:00:26 +09:00
megaraid.h
mesh.c scsi: mesh: Translate message to host byte status 2021-05-31 22:48:23 -04:00
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c scsi: mvumi: Use scsi_cmd_to_rq() instead of scsi_cmnd.request 2021-08-11 22:25:40 -04:00
mvumi.h
myrb.c scsi: mylex: Fix sysfs buffer lengths 2024-04-10 16:19:41 +02:00
myrb.h
myrs.c scsi: mylex: Fix sysfs buffer lengths 2024-04-10 16:19:41 +02:00
myrs.h
ncr53c8xx.c scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function 2021-09-13 22:15:47 -04:00
ncr53c8xx.h
nsp32.c scsi: nsp32: Do not set message byte 2021-05-31 22:48:23 -04:00
nsp32.h
nsp32_debug.c
nsp32_io.h
pmcraid.c scsi: pmcraid: Fix missing resource cleanup in error case 2022-06-22 14:21:57 +02:00
pmcraid.h scsi: pmcraid: Fix typos 2021-05-21 16:59:33 -04:00
ppa.c scsi: ppa: Switch to use module_parport_driver() 2021-06-18 23:01:03 -04:00
ppa.h
ps3rom.c scsi: core: Introduce scsi_build_sense() 2021-05-31 22:48:21 -04:00
qla1280.c scsi: qla1280: Stop using scsi_cmnd.tag 2021-08-23 23:06:56 -04:00
qla1280.h
qlogicfas.c
qlogicfas408.c scsi: qlogicfas408: Whitespace cleanup 2021-05-31 22:48:23 -04:00
qlogicfas408.h
qlogicpti.c scsi: qlogicpti: Use scsi_cmd_to_rq() instead of scsi_cmnd.request 2021-08-11 22:25:41 -04:00
qlogicpti.h
raid_class.c scsi: core: raid_class: Remove raid_component_add() 2023-08-30 16:18:21 +02:00
script_asm.pl
scsi.c scsi: core: Improve scsi_vpd_inquiry() checks 2023-04-26 13:51:50 +02:00
scsi.h
scsi_bsg.c scsi: bsg: Fix commands without data transfer in scsi_bsg_sg_io_fn() 2021-08-01 13:21:40 -04:00
scsi_common.c scsi: core: Rename CONFIG_BLK_SCSI_REQUEST to CONFIG_SCSI_COMMON 2021-07-28 22:24:27 -04:00
scsi_debug.c scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() 2022-12-31 13:14:25 +01:00
scsi_debugfs.c scsi: core: Show SCMD_LAST in text form 2022-01-27 11:05:22 +01:00
scsi_debugfs.h
scsi_devinfo.c scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR 2023-03-30 12:47:55 +02:00
scsi_dh.c
scsi_error.c scsi: core: Move scsi_host_busy() out of host lock if it is for per-command 2024-02-23 08:54:59 +01:00
scsi_ioctl.c scsi: core: Fix warning in scsi_alloc_sgtables() 2022-08-03 12:03:47 +02:00
scsi_lib.c scsi: core: Fix a use-after-free 2024-07-27 10:46:07 +02:00
scsi_lib_dma.c
scsi_logging.c scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request 2021-08-11 22:25:37 -04:00
scsi_logging.h
scsi_netlink.c
scsi_pm.c scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() 2022-01-27 11:04:15 +01:00
scsi_priv.h scsi: core: Fix a use-after-free 2024-07-27 10:46:07 +02:00
scsi_proc.c scsi: core: Fix legacy /proc parsing buffer overflow 2023-08-16 18:22:03 +02:00
scsi_sas_internal.h
scsi_scan.c scsi: core: Fix a use-after-free 2024-07-27 10:46:07 +02:00
scsi_sysctl.c
scsi_sysfs.c scsi: core: Fix a use-after-free 2024-07-27 10:46:07 +02:00
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters 2022-04-08 14:22:54 +02:00
scsi_transport_iscsi.c scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() 2023-09-19 12:22:44 +02:00
scsi_transport_sas.c scsi: mpi3mr: Fix ATA NCQ priority support 2024-07-05 09:14:22 +02:00
scsi_transport_spi.c scsi: spi: Fix sshdr use 2024-09-04 13:23:22 +02:00
scsi_transport_srp.c
scsicam.c include: remove pagemap.h from blkdev.h 2021-05-06 19:24:11 -07:00
sd.c scsi: sd: Revert "scsi: sd: Remove a local variable" 2022-11-03 23:59:20 +09:00
sd.h
sd_dif.c
sd_zbc.c scsi: sd_zbc: Support disks with more than 2**32 logical blocks 2021-09-21 23:52:55 -04:00
sense_codes.h
ses.c scsi: ses: Handle enclosure with just a primary component gracefully 2023-04-20 12:13:55 +02:00
sg.c scsi: sg: Allow waiting for commands to complete on removed device 2022-08-17 14:22:55 +02:00
sgiwd93.c
sim710.c
sni_53c710.c treewide: remove editor modelines and cruft 2021-05-07 00:26:34 -07:00
sr.c block: move GENHD_FL_BLOCK_EVENTS_ON_EXCL_WRITE to disk->event_flags 2023-09-19 12:23:02 +02:00
sr.h
sr_ioctl.c scsi: sr: Do not leak information in ioctl 2022-04-27 14:38:58 +02:00
sr_vendor.c scsi: sr: Don't use GFP_DMA 2022-01-27 11:05:03 +01:00
st.c block: drop unused includes in <linux/genhd.h> 2022-03-16 14:23:46 +01:00
st.h st: do not allocate a gendisk 2021-08-23 12:54:30 -06:00
st_options.h
stex.c scsi: stex: Fix gcc 13 warnings 2023-06-09 10:32:29 +02:00
storvsc_drv.c scsi: storvsc: Fix ring buffer size calculation 2024-02-23 08:55:03 +01:00
sun3_scsi.c scsi: sun3_scsi: Use scsi_cmd_to_rq() instead of scsi_cmnd.request 2021-08-11 22:25:41 -04:00
sun3_scsi_vme.c
sun3x_esp.c
sun_esp.c
virtio_scsi.c scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" 2021-09-28 22:47:28 -04:00
vmw_pvscsi.c scsi: vmw_pvscsi: Set residual data length conditionally 2022-01-05 12:42:39 +01:00
vmw_pvscsi.h scsi: vmw_pvscsi: Expand vcpuHint to 16 bits 2022-06-22 14:21:57 +02:00
wd33c93.c scsi: wd33c93: Translate message byte to host byte 2021-05-31 22:48:23 -04:00
wd33c93.h
wd719x.c scsi: wd719: Stop using scsi_cmnd.tag 2021-08-16 13:33:24 -04:00
wd719x.h
xen-scsifront.c xen/scsifront: don't use gnttab_query_foreign_access() for mapped status 2022-03-11 12:22:36 +01:00
zalon.c parisc: Make struct parisc_driver::remove() return void 2021-08-30 10:18:25 +02:00
zorro7xx.c scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() 2022-04-13 20:59:15 +02:00
zorro_esp.c