1. Patchew
  2. linux
  3. View series

[PATCH] scsi: iscsi: fix reference count leak in cxgbi_check_route()

Ma Ke posted 1 patch 1 year, 5 months ago 
drivers/scsi/cxgbi/libcxgbi.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] scsi: iscsi: fix reference count leak in cxgbi_check_route()
Posted by Ma Ke 1 year, 5 months ago 
cxgbi_check_route() dont release the reference acquired by ip_dev_find()
which introducing a reference count leak. We could remedy this by
insuring the reference is released.ip_dev_find().

Cc: stable@vger.kernel.org
Fixes: 9ba682f01e2f ("[SCSI] libcxgbi: common library for cxgb3i and cxgb4i")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
 drivers/scsi/cxgbi/libcxgbi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c
index bf75940f2be1..6b0f1e8dac40 100644
--- a/drivers/scsi/cxgbi/libcxgbi.c
+++ b/drivers/scsi/cxgbi/libcxgbi.c
@@ -670,6 +670,7 @@ cxgbi_check_route(struct sockaddr *dst_addr, int ifindex)
 		"route to %pI4 :%u, ndev p#%d,%s, cdev 0x%p.\n",
 		&daddr->sin_addr.s_addr, ntohs(daddr->sin_port),
 			   port, ndev->name, cdev);
+	dev_put(ndev);
 
 	csk = cxgbi_sock_create(cdev);
 	if (!csk) {
-- 
2.25.1
Re: [PATCH] scsi: iscsi: fix reference count leak in cxgbi_check_route()
Posted by michael.christie@oracle.com 1 year, 5 months ago 
On 8/19/24 4:24 AM, Ma Ke wrote:
> cxgbi_check_route() dont release the reference acquired by ip_dev_find()
> which introducing a reference count leak. We could remedy this by
> insuring the reference is released.ip_dev_find().
> 
> Cc: stable@vger.kernel.org
> Fixes: 9ba682f01e2f ("[SCSI] libcxgbi: common library for cxgb3i and cxgb4i")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
>  drivers/scsi/cxgbi/libcxgbi.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c
> index bf75940f2be1..6b0f1e8dac40 100644
> --- a/drivers/scsi/cxgbi/libcxgbi.c
> +++ b/drivers/scsi/cxgbi/libcxgbi.c
> @@ -670,6 +670,7 @@ cxgbi_check_route(struct sockaddr *dst_addr, int ifindex)
>  		"route to %pI4 :%u, ndev p#%d,%s, cdev 0x%p.\n",
>  		&daddr->sin_addr.s_addr, ntohs(daddr->sin_port),
>  			   port, ndev->name, cdev);
> +	dev_put(ndev);

After we call ip_dev_find can we hit one of the error path gotos like
the test for IFF_UP? If so you would leak the reference in those paths.

The ndev above looks like it could come from the ip_dev_find call when
IFF_LOOPBACK is set or it could come from dst_neigh_lookup call. For the
dst_neigh_lookup case we don't want to do a dev_put do we? If you do,
then we are leaking the reference in the goto error paths.


>  
>  	csk = cxgbi_sock_create(cdev);
>  	if (!csk) {

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.