From: Dan Carpenter Date: Fri, 16 Dec 2016 09:35:39 +0000 (+0300) Subject: scsi: dpt_i2o: double free if adpt_i2o_online_hba() fails X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=19099dc393f3ca1fd9690f914e50278cf2aee78a;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git scsi: dpt_i2o: double free if adpt_i2o_online_hba() fails There are two places where adpt_i2o_online_hba() is called. Both callers call adpt_i2o_delete_hba(pHba) if adpt_i2o_online_hba() fails and since we also free it here that causes a double free bug. Signed-off-by: Dan Carpenter Signed-off-by: Martin K. Petersen --- diff --git a/drivers/scsi/dpt_i2o.c b/drivers/scsi/dpt_i2o.c index 5f75e638ec95..256dd6791fcc 100644 --- a/drivers/scsi/dpt_i2o.c +++ b/drivers/scsi/dpt_i2o.c @@ -2768,16 +2768,12 @@ static int adpt_i2o_activate_hba(adpt_hba* pHba) static int adpt_i2o_online_hba(adpt_hba* pHba) { - if (adpt_i2o_systab_send(pHba) < 0) { - adpt_i2o_delete_hba(pHba); + if (adpt_i2o_systab_send(pHba) < 0) return -1; - } /* In READY state */ - if (adpt_i2o_enable_hba(pHba) < 0) { - adpt_i2o_delete_hba(pHba); + if (adpt_i2o_enable_hba(pHba) < 0) return -1; - } /* In OPERATIONAL state */ return 0;
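Review bot: In adpt_i2o_online_hba(), both failure paths (after adpt_i2o_systab_send() and after adpt_i2o_enable_hba()) now return -1 with pHba still allocated, so the function's correctness depends on every caller freeing it, and nothing in the code states that contract. The commit message says both existing callers call adpt_i2o_delete_hba(pHba) on failure, but those call sites are outside this hunk and a future third caller would silently leak the HBA. Consider adding a short comment above the function, for example "On failure the caller owns pHba and must call adpt_i2o_delete_hba()", so that ownership is documented where the free was removed. It is also worth confirming during review that neither caller touches pHba between the failed call and its own adpt_i2o_delete_hba(pHba), since before this change that would have been a use after free rather than just a double free.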