linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
@ 2020-05-25 14:16 Xiyu Yang
  2020-05-25 15:12 ` Daniel Wagner
  2020-05-27  2:13 ` Martin K. Petersen
  0 siblings, 2 replies; 4+ messages in thread
From: Xiyu Yang @ 2020-05-25 14:16 UTC (permalink / raw)
  To: James Smart, Dick Kennedy, James E.J. Bottomley,
	Martin K. Petersen, linux-scsi, linux-kernel
  Cc: yuanxzhang, kjlu, Xiyu Yang, Xin Tan

In order to create or activate a new node, lpfc_els_unsol_buffer()
invokes lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of
them will return a reference of the specified lpfc_nodelist object to
"ndlp" with increased refcnt.

When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes
invalid, so the refcount should be decreased to keep refcount balanced.

The reference counting issue happens in one exception handling path of
lpfc_els_unsol_buffer(). When "ndlp" in DEV_LOSS, the function forgets
to decrease the refcnt increased by lpfc_nlp_init() or
lpfc_enable_node() or lpfc_nlp_get(), causing a refcnt leak.

Fix this issue by calling lpfc_nlp_put() when "ndlp" in DEV_LOSS.

Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
---
 drivers/scsi/lpfc/lpfc_els.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 80d1e661b0d4..35fbcb4d52eb 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -8514,6 +8514,8 @@ lpfc_els_unsol_buffer(struct lpfc_hba *phba, struct lpfc_sli_ring *pring,
 	spin_lock_irq(shost->host_lock);
 	if (ndlp->nlp_flag & NLP_IN_DEV_LOSS) {
 		spin_unlock_irq(shost->host_lock);
+		if (newnode)
+			lpfc_nlp_put(ndlp);
 		goto dropit;
 	}
 	spin_unlock_irq(shost->host_lock);
-- 
2.7.4


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
  2020-05-25 14:16 [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event Xiyu Yang
@ 2020-05-25 15:12 ` Daniel Wagner
  2020-05-26 18:11   ` James Smart
  2020-05-27  2:13 ` Martin K. Petersen
  1 sibling, 1 reply; 4+ messages in thread
From: Daniel Wagner @ 2020-05-25 15:12 UTC (permalink / raw)
  To: Xiyu Yang
  Cc: James Smart, Dick Kennedy, James E.J. Bottomley,
	Martin K. Petersen, linux-scsi, linux-kernel, yuanxzhang, kjlu,
	Xin Tan

Hi,

On Mon, May 25, 2020 at 10:16:24PM +0800, Xiyu Yang wrote:
> In order to create or activate a new node, lpfc_els_unsol_buffer()
> invokes lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of
> them will return a reference of the specified lpfc_nodelist object to
> "ndlp" with increased refcnt.

lpfc_enable_node() is not changing the refcnt.

> When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes
> invalid, so the refcount should be decreased to keep refcount balanced.
> 
> The reference counting issue happens in one exception handling path of
> lpfc_els_unsol_buffer(). When "ndlp" in DEV_LOSS, the function forgets
> to decrease the refcnt increased by lpfc_nlp_init() or
> lpfc_enable_node() or lpfc_nlp_get(), causing a refcnt leak.
> 
> Fix this issue by calling lpfc_nlp_put() when "ndlp" in DEV_LOSS.

This sounds reasonable. At least the lpfc_nlp_init() and lpfc_nlp_get() case
needs this. And I suppose this is also ok for the lfpc_enable_node().

Reviewed-by: Daniel Wagner <dwagner@suse.de>

Thanks,
Daniel

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
  2020-05-25 15:12 ` Daniel Wagner
@ 2020-05-26 18:11   ` James Smart
  0 siblings, 0 replies; 4+ messages in thread
From: James Smart @ 2020-05-26 18:11 UTC (permalink / raw)
  To: Daniel Wagner, Xiyu Yang
  Cc: Dick Kennedy, James E.J. Bottomley, Martin K. Petersen,
	linux-scsi, linux-kernel, yuanxzhang, kjlu, Xin Tan



On 5/25/2020 8:12 AM, Daniel Wagner wrote:
> Hi,
>
> On Mon, May 25, 2020 at 10:16:24PM +0800, Xiyu Yang wrote:
>> In order to create or activate a new node, lpfc_els_unsol_buffer()
>> invokes lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of
>> them will return a reference of the specified lpfc_nodelist object to
>> "ndlp" with increased refcnt.
> lpfc_enable_node() is not changing the refcnt.
>
>> When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes
>> invalid, so the refcount should be decreased to keep refcount balanced.
>>
>> The reference counting issue happens in one exception handling path of
>> lpfc_els_unsol_buffer(). When "ndlp" in DEV_LOSS, the function forgets
>> to decrease the refcnt increased by lpfc_nlp_init() or
>> lpfc_enable_node() or lpfc_nlp_get(), causing a refcnt leak.
>>
>> Fix this issue by calling lpfc_nlp_put() when "ndlp" in DEV_LOSS.
> This sounds reasonable. At least the lpfc_nlp_init() and lpfc_nlp_get() case
> needs this. And I suppose this is also ok for the lfpc_enable_node().
>
> Reviewed-by: Daniel Wagner <dwagner@suse.de>
>
> Thanks,
> Daniel

Looked at it here and it looks good.

Reviewed-by: James Smart <james.smart@broadcom.com>

-- james



^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
  2020-05-25 14:16 [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event Xiyu Yang
  2020-05-25 15:12 ` Daniel Wagner
@ 2020-05-27  2:13 ` Martin K. Petersen
  1 sibling, 0 replies; 4+ messages in thread
From: Martin K. Petersen @ 2020-05-27  2:13 UTC (permalink / raw)
  To: Dick Kennedy, linux-scsi, Xiyu Yang, James Smart, linux-kernel,
	James E.J. Bottomley
  Cc: Martin K . Petersen, Xin Tan, yuanxzhang, kjlu

On Mon, 25 May 2020 22:16:24 +0800, Xiyu Yang wrote:

> In order to create or activate a new node, lpfc_els_unsol_buffer()
> invokes lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of
> them will return a reference of the specified lpfc_nodelist object to
> "ndlp" with increased refcnt.
> 
> When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes
> invalid, so the refcount should be decreased to keep refcount balanced.
> 
> [...]

Applied to 5.8/scsi-queue, thanks!

[1/1] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
      https://git.kernel.org/mkp/scsi/c/7217e6e694da

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-05-27  2:15 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-25 14:16 [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event Xiyu Yang
2020-05-25 15:12 ` Daniel Wagner
2020-05-26 18:11   ` James Smart
2020-05-27  2:13 ` Martin K. Petersen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).