| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200525151220.rtwmlobnkmhwhxn5@beryllium.lan>
Date: Mon, 25 May 2020 17:12:20 +0200
From: Daniel Wagner <dwagner@...e.de>
To: Xiyu Yang <xiyuyang19@...an.edu.cn>
Cc: James Smart <james.smart@...adcom.com>,
Dick Kennedy <dick.kennedy@...adcom.com>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
yuanxzhang@...an.edu.cn, kjlu@....edu,
Xin Tan <tanxin.ctf@...il.com>
Subject: Re: [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing
unsolicited event
Hi,
On Mon, May 25, 2020 at 10:16:24PM +0800, Xiyu Yang wrote:
> In order to create or activate a new node, lpfc_els_unsol_buffer()
> invokes lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of
> them will return a reference of the specified lpfc_nodelist object to
> "ndlp" with increased refcnt.
lpfc_enable_node() is not changing the refcnt.
> When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes
> invalid, so the refcount should be decreased to keep refcount balanced.
>
> The reference counting issue happens in one exception handling path of
> lpfc_els_unsol_buffer(). When "ndlp" in DEV_LOSS, the function forgets
> to decrease the refcnt increased by lpfc_nlp_init() or
> lpfc_enable_node() or lpfc_nlp_get(), causing a refcnt leak.
>
> Fix this issue by calling lpfc_nlp_put() when "ndlp" in DEV_LOSS.
This sounds reasonable. At least the lpfc_nlp_init() and lpfc_nlp_get() case
needs this. And I suppose this is also ok for the lfpc_enable_node().
Reviewed-by: Daniel Wagner <dwagner@...e.de>
Thanks,
Daniel
Powered by blists - more mailing lists