Re: [PATCH] [SCSI] advansys: fix host resource leak in EISA probe error path
From: Guangshuo Li
Date: Fri Apr 17 2026 - 02:28:00 EST
Hi Matthew,
On Fri, 17 Apr 2026 at 01:43, Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
>
> On Fri, Apr 17, 2026 at 12:59:35AM +0800, Guangshuo Li wrote:
> > A manual code audit found that advansys_eisa_probe() frees saved
> > Scsi_Host objects directly in its error path.

I understand the concern. This issue was found through my own manual
review of the error handling path in `advansys_eisa_probe()`.

Specifically, I first compared the error handling path in
`advansys_eisa_probe()` with the normal cleanup path in
`advansys_eisa_remove()`, and noticed that they release saved
`Scsi_Host` objects differently.

In `advansys_eisa_remove()`, each saved host is released through
`advansys_release(shost)`. Following that path shows that
`advansys_release()` eventually releases the SCSI host through
`scsi_host_put()`, which drops the embedded device reference and
invokes the SCSI host release callback, `scsi_host_dev_release()`,
when the reference count reaches zero.

That release callback does more than just `kfree(shost)`. It also
releases resources associated with the `Scsi_Host`, such as the host
IDA index, `shost_data`, and other host-side state managed by the SCSI
core.

However, the `free_data` path in `advansys_eisa_probe()` frees the
saved `data->host[]` entries directly with `kfree()`. My concern is
that this bypasses the `scsi_host_put()` / `scsi_host_dev_release()`
path and may therefore leak resources associated with the initialized
SCSI host.

That is why the patch changes the error path to release saved hosts
through `advansys_release(shost)` instead of directly freeing the
saved host pointers.

I also noticed that I accidentally removed the final `kfree(data)`
while preparing the patch. That was an unintended editing mistake, and
if the proposed cleanup approach is acceptable, I will fix it in v2.

> I've been told all your patches are AI slop, I'm not reviewing this.

If possible, could you please share what your assessment is based on?

Also, if there is any technical issue with this patch, I would
appreciate it if you could point it out concretely. I’m happy to
revise the patch if there is something incorrect in the analysis or in
the fix itself.

Thanks,
Guangshuo
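
The difference between the two cleanup paths discussed in this message, as an added userspace model that is not part of the original email, the patch, or the kernel source. `model_host`, `model_host_alloc()`, `model_host_put()`, `id_used` and `shost_data_live` are hypothetical stand-ins for `Scsi_Host`, host allocation, `scsi_host_put()`, the host IDA index and `shost_data`; the model assumes, as the message states, that the release callback frees more than the structure itself.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only: every name below is a hypothetical stand-in, not kernel code. */
#define MAX_HOSTS 8
static int id_used[MAX_HOSTS];   /* stands in for the host-number IDA */
static int shost_data_live;      /* stands in for live shost_data allocations */
struct model_host { int refcount; int host_no; };

static int outstanding(void)     /* resources held outside the host struct itself */
{
	int n = shost_data_live;
	for (int i = 0; i < MAX_HOSTS; i++) n += id_used[i];
	return n;
}

static struct model_host *model_host_alloc(void)
{
	struct model_host *h = calloc(1, sizeof(*h));
	int i = 0;
	while (i < MAX_HOSTS && id_used[i]) i++;
	if (!h || i == MAX_HOSTS) { free(h); return NULL; }
	id_used[i] = 1;              /* take a host number */
	shost_data_live++;           /* side allocation owned by the host */
	h->host_no = i;
	h->refcount = 1;
	return h;
}

static void model_host_put(struct model_host *h)
{
	if (!h || --h->refcount > 0) return;
	id_used[h->host_no] = 0;     /* release callback: return the host number, */
	shost_data_live--;           /* drop the side allocation, */
	free(h);                     /* and only then free the struct */
}

/* Clean up two saved hosts after a failed probe; returns resources left behind. */
static int cleanup_leak_count(int use_put)
{
	int before = outstanding();
	struct model_host *host[2] = { model_host_alloc(), model_host_alloc() };
	for (int i = 0; i < 2; i++)
		if (use_put) model_host_put(host[i]);
		else free(host[i]);      /* direct free skips the release callback */
	return outstanding() - before;
}

int main(void)
{
	printf("direct free: %d left, put: %d left\n", cleanup_leak_count(0), cleanup_leak_count(1));
}
```

In the model, each directly freed host leaves its host number and its side allocation behind, so repeated failed probes would eventually exhaust the ID pool.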