Re: [PATCH] scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event

From: James Smart
Date: Tue May 26 2020 - 14:11:59 EST

On 5/25/2020 8:12 AM, Daniel Wagner wrote:

On Mon, May 25, 2020 at 10:16:24PM +0800, Xiyu Yang wrote:
In order to create or activate a new node, lpfc_els_unsol_buffer()
invokes lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of
them will return a reference of the specified lpfc_nodelist object to
"ndlp" with increased refcnt.
lpfc_enable_node() is not changing the refcnt.

When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes
invalid, so the refcount should be decreased to keep refcount balanced.

The reference counting issue happens in one exception handling path of
lpfc_els_unsol_buffer(). When "ndlp" in DEV_LOSS, the function forgets
to decrease the refcnt increased by lpfc_nlp_init() or
lpfc_enable_node() or lpfc_nlp_get(), causing a refcnt leak.

Fix this issue by calling lpfc_nlp_put() when "ndlp" in DEV_LOSS.
This sounds reasonable. At least the lpfc_nlp_init() and lpfc_nlp_get() case
needs this. And I suppose this is also ok for the lfpc_enable_node().

Reviewed-by: Daniel Wagner <dwagner@xxxxxxx>


Looked at it here and it looks good.

Reviewed-by: James Smart <>

-- james