www.infradead.org Git - users/dwmw2/linux.git/commit

author	Xiyu Yang <xiyuyang19@fudan.edu.cn>
	Mon, 25 May 2020 14:16:24 +0000 (22:16 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 24 Jun 2020 15:48:27 +0000 (17:48 +0200)
commit	0c730c778e2701fa4b632eac6c277f3e31dfcd19
tree	81ff2ac9249ecd1df87d9c32bd9774b8b9a3473b	tree
parent	045c3a8a6c92ab876962a2f367dc1d85fcc79666	commit \| diff

scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event

[ Upstream commit 7217e6e694da3aae6d17db8a7f7460c8d4817ebf ]

In order to create or activate a new node, lpfc_els_unsol_buffer() invokes
lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of them will
return a reference of the specified lpfc_nodelist object to "ndlp" with
increased refcnt.

When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes
invalid, so the refcount should be decreased to keep refcount balanced.

The reference counting issue happens in one exception handling path of
lpfc_els_unsol_buffer(). When "ndlp" in DEV_LOSS, the function forgets to
decrease the refcnt increased by lpfc_nlp_init() or lpfc_enable_node() or
lpfc_nlp_get(), causing a refcnt leak.

Fix this issue by calling lpfc_nlp_put() when "ndlp" in DEV_LOSS.

Link: https://lore.kernel.org/r/1590416184-52592-1-git-send-email-xiyuyang19@fudan.edu.cn
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Reviewed-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>