lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b3644f6b-d0ea-6577-dbbb-f6dd52d9e1e8@suse.de>
Date:   Wed, 1 Aug 2018 08:31:26 +0200
From:   Hannes Reinecke <hare@...e.de>
To:     Johannes Thumshirn <jthumshirn@...e.de>,
        "Martin K . Petersen" <martin.petersen@...cle.com>
Cc:     Linux Kernel Mailinglist <linux-kernel@...r.kernel.org>,
        Linux SCSI Mailinglist <linux-scsi@...r.kernel.org>,
        ard <ard@...ak.net>
Subject: Re: [PATCH 3/3] scsi: fcoe: clear FC_RP_STARTED flags when receiving
 a LOGO

On 07/31/2018 03:46 PM, Johannes Thumshirn wrote:
> When receiving a LOGO request we forget to clear the FC_RP_STARTED
> flag before starting the rport delete routine.
> 
> As the started flag was not cleared, we're not deleting the rport but
> waiting for a restart and thus are keeping the reference count of the
> rdata object at 1.
> 
> This leads to the following kmemleak report:
> unreferenced object 0xffff88006542aa00 (size 512):
>   comm "kworker/0:2", pid 24, jiffies 4294899222 (age 226.880s)
>   hex dump (first 32 bytes):
>     68 96 fe 65 00 88 ff ff 00 00 00 00 00 00 00 00  h..e............
>     01 00 00 00 08 00 00 00 02 c5 45 24 ac b8 00 10  ..........E$....
>   backtrace:
>     [<(____ptrval____)>] fcoe_ctlr_vn_add.isra.5+0x7f/0x770 [libfcoe]
>     [<(____ptrval____)>] fcoe_ctlr_vn_recv+0x12af/0x27f0 [libfcoe]
>     [<(____ptrval____)>] fcoe_ctlr_recv_work+0xd01/0x32f0 [libfcoe]
>     [<(____ptrval____)>] process_one_work+0x7ff/0x1420
>     [<(____ptrval____)>] worker_thread+0x87/0xef0
>     [<(____ptrval____)>] kthread+0x2db/0x390
>     [<(____ptrval____)>] ret_from_fork+0x35/0x40
>     [<(____ptrval____)>] 0xffffffffffffffff
> 
> Signed-off-by: Johannes Thumshirn <jthumshirn@...e.de>
> Reported-by: ard <ard@...ak.net>
> ---
>  drivers/scsi/libfc/fc_rport.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/scsi/libfc/fc_rport.c b/drivers/scsi/libfc/fc_rport.c
> index 31d31aad3de1..89b1f1af2fd4 100644
> --- a/drivers/scsi/libfc/fc_rport.c
> +++ b/drivers/scsi/libfc/fc_rport.c
> @@ -2164,6 +2164,7 @@ static void fc_rport_recv_logo_req(struct fc_lport *lport, struct fc_frame *fp)
>  		FC_RPORT_DBG(rdata, "Received LOGO request while in state %s\n",
>  			     fc_rport_state(rdata));
>  
> +		rdata->flags &= ~FC_RP_STARTED;
>  		fc_rport_enter_delete(rdata, RPORT_EV_STOP);
>  		mutex_unlock(&rdata->rp_mutex);
>  		kref_put(&rdata->kref, fc_rport_destroy);
> 
Reviewed-by: Hannes Reinecke <hare@...e.com>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		   Teamlead Storage & Networking
hare@...e.de			               +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: F. Imendörffer, J. Smithard, J. Guild, D. Upmanyu, G. Norton
HRB 21284 (AG Nürnberg)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ