* [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
@ 2020-05-25 14:16 Xiyu Yang
2020-05-25 15:12 ` Daniel Wagner
2020-05-27 2:13 ` Martin K. Petersen
0 siblings, 2 replies; 4+ messages in thread
From: Xiyu Yang @ 2020-05-25 14:16 UTC (permalink / raw)
To: James Smart, Dick Kennedy, James E.J. Bottomley,
Martin K. Petersen, linux-scsi, linux-kernel
Cc: yuanxzhang, kjlu, Xiyu Yang, Xin Tan
In order to create or activate a new node, lpfc_els_unsol_buffer()
invokes lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of
them will return a reference of the specified lpfc_nodelist object to
"ndlp" with increased refcnt.
When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes
invalid, so the refcount should be decreased to keep refcount balanced.
The reference counting issue happens in one exception handling path of
lpfc_els_unsol_buffer(). When "ndlp" in DEV_LOSS, the function forgets
to decrease the refcnt increased by lpfc_nlp_init() or
lpfc_enable_node() or lpfc_nlp_get(), causing a refcnt leak.
Fix this issue by calling lpfc_nlp_put() when "ndlp" in DEV_LOSS.
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
---
drivers/scsi/lpfc/lpfc_els.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 80d1e661b0d4..35fbcb4d52eb 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -8514,6 +8514,8 @@ lpfc_els_unsol_buffer(struct lpfc_hba *phba, struct lpfc_sli_ring *pring,
spin_lock_irq(shost->host_lock);
if (ndlp->nlp_flag & NLP_IN_DEV_LOSS) {
spin_unlock_irq(shost->host_lock);
+ if (newnode)
+ lpfc_nlp_put(ndlp);
goto dropit;
}
spin_unlock_irq(shost->host_lock);
--
2.7.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
2020-05-25 14:16 [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event Xiyu Yang
@ 2020-05-25 15:12 ` Daniel Wagner
2020-05-26 18:11 ` James Smart
2020-05-27 2:13 ` Martin K. Petersen
1 sibling, 1 reply; 4+ messages in thread
From: Daniel Wagner @ 2020-05-25 15:12 UTC (permalink / raw)
To: Xiyu Yang
Cc: James Smart, Dick Kennedy, James E.J. Bottomley,
Martin K. Petersen, linux-scsi, linux-kernel, yuanxzhang, kjlu,
Xin Tan
Hi,
On Mon, May 25, 2020 at 10:16:24PM +0800, Xiyu Yang wrote:
> In order to create or activate a new node, lpfc_els_unsol_buffer()
> invokes lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of
> them will return a reference of the specified lpfc_nodelist object to
> "ndlp" with increased refcnt.
lpfc_enable_node() is not changing the refcnt.
> When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes
> invalid, so the refcount should be decreased to keep refcount balanced.
>
> The reference counting issue happens in one exception handling path of
> lpfc_els_unsol_buffer(). When "ndlp" in DEV_LOSS, the function forgets
> to decrease the refcnt increased by lpfc_nlp_init() or
> lpfc_enable_node() or lpfc_nlp_get(), causing a refcnt leak.
>
> Fix this issue by calling lpfc_nlp_put() when "ndlp" in DEV_LOSS.
This sounds reasonable. At least the lpfc_nlp_init() and lpfc_nlp_get() case
needs this. And I suppose this is also ok for the lfpc_enable_node().
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Thanks,
Daniel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
2020-05-25 15:12 ` Daniel Wagner
@ 2020-05-26 18:11 ` James Smart
0 siblings, 0 replies; 4+ messages in thread
From: James Smart @ 2020-05-26 18:11 UTC (permalink / raw)
To: Daniel Wagner, Xiyu Yang
Cc: Dick Kennedy, James E.J. Bottomley, Martin K. Petersen,
linux-scsi, linux-kernel, yuanxzhang, kjlu, Xin Tan
On 5/25/2020 8:12 AM, Daniel Wagner wrote:
> Hi,
>
> On Mon, May 25, 2020 at 10:16:24PM +0800, Xiyu Yang wrote:
>> In order to create or activate a new node, lpfc_els_unsol_buffer()
>> invokes lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of
>> them will return a reference of the specified lpfc_nodelist object to
>> "ndlp" with increased refcnt.
> lpfc_enable_node() is not changing the refcnt.
>
>> When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes
>> invalid, so the refcount should be decreased to keep refcount balanced.
>>
>> The reference counting issue happens in one exception handling path of
>> lpfc_els_unsol_buffer(). When "ndlp" in DEV_LOSS, the function forgets
>> to decrease the refcnt increased by lpfc_nlp_init() or
>> lpfc_enable_node() or lpfc_nlp_get(), causing a refcnt leak.
>>
>> Fix this issue by calling lpfc_nlp_put() when "ndlp" in DEV_LOSS.
> This sounds reasonable. At least the lpfc_nlp_init() and lpfc_nlp_get() case
> needs this. And I suppose this is also ok for the lfpc_enable_node().
>
> Reviewed-by: Daniel Wagner <dwagner@suse.de>
>
> Thanks,
> Daniel
Looked at it here and it looks good.
Reviewed-by: James Smart <james.smart@broadcom.com>
-- james
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
2020-05-25 14:16 [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event Xiyu Yang
2020-05-25 15:12 ` Daniel Wagner
@ 2020-05-27 2:13 ` Martin K. Petersen
1 sibling, 0 replies; 4+ messages in thread
From: Martin K. Petersen @ 2020-05-27 2:13 UTC (permalink / raw)
To: Dick Kennedy, linux-scsi, Xiyu Yang, James Smart, linux-kernel,
James E.J. Bottomley
Cc: Martin K . Petersen, Xin Tan, yuanxzhang, kjlu
On Mon, 25 May 2020 22:16:24 +0800, Xiyu Yang wrote:
> In order to create or activate a new node, lpfc_els_unsol_buffer()
> invokes lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of
> them will return a reference of the specified lpfc_nodelist object to
> "ndlp" with increased refcnt.
>
> When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes
> invalid, so the refcount should be decreased to keep refcount balanced.
>
> [...]
Applied to 5.8/scsi-queue, thanks!
[1/1] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
https://git.kernel.org/mkp/scsi/c/7217e6e694da
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-05-27 2:15 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-25 14:16 [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event Xiyu Yang
2020-05-25 15:12 ` Daniel Wagner
2020-05-26 18:11 ` James Smart
2020-05-27 2:13 ` Martin K. Petersen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).