scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs

[ Upstream commit 5aa615d195f1e142c662cb2253f057c9baec7531 ]

The driver is encountering a crash in lpfc_free_iocb_list() while
performing initial attachment.

Code review found this to be an errant failure path that was taken, jumping
to a tag that then referenced structures that were uninitialized.

Fix the failure path.

Link: https://lore.kernel.org/r/20210514195559.119853-9-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index bf171ef61abd5eb83125f7b3375629cb3d679ae3..990b700de6892a8d5e260665393b29231037a7f8 100644 (file)
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -7825,7 +7825,7 @@ lpfc_sli4_hba_setup(struct lpfc_hba *phba)
                                "0393 Error %d during rpi post operation\n",
                                rc);
                rc = -ENODEV;
-               goto out_destroy_queue;
+               goto out_free_iocblist;
        }
        lpfc_sli4_node_prep(phba);
 
@@ -7991,8 +7991,9 @@ out_io_buff_free:
 out_unset_queue:
        /* Unset all the queues set up in this routine when error out */
        lpfc_sli4_queue_unset(phba);
-out_destroy_queue:
+out_free_iocblist:
        lpfc_free_iocb_list(phba);
+out_destroy_queue:
        lpfc_sli4_queue_destroy(phba);
 out_stop_timers:
        lpfc_stop_hba_timers(phba);