1. Patchew
  2. linux
  3. View series

[PATCH] [SCSI] iscsi: fix error handling in iscsi_add_session()

Ma Ke posted 1 patch 9 months, 1 week ago 
drivers/scsi/scsi_transport_iscsi.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] [SCSI] iscsi: fix error handling in iscsi_add_session()
Posted by Ma Ke 9 months, 1 week ago 
Once device_add() failed, we should call put_device() to decrement
reference count for cleanup. Or it could cause memory leak.

As comment of device_add() says, 'if device_add() succeeds, you should
call device_del() when you want to get rid of it. If device_add() has
not succeeded, use only put_device() to drop the reference count'.

Found by code review.

Cc: stable@vger.kernel.org
Fixes: 8434aa8b6fe5 ("[SCSI] iscsi: break up session creation into two stages")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
 drivers/scsi/scsi_transport_iscsi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
index 9c347c64c315..74333e182612 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -2114,6 +2114,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id)
 release_dev:
 	device_del(&session->dev);
 release_ida:
+	put_device(&session->dev);
 	if (session->ida_used)
 		ida_free(&iscsi_sess_ida, session->target_id);
 destroy_wq:
-- 
2.25.1
Re: [PATCH] [SCSI] iscsi: fix error handling in iscsi_add_session()
Posted by Greg KH 9 months, 1 week ago 
On Thu, Mar 13, 2025 at 04:15:07PM +0800, Ma Ke wrote:
> Once device_add() failed, we should call put_device() to decrement
> reference count for cleanup. Or it could cause memory leak.
> 
> As comment of device_add() says, 'if device_add() succeeds, you should
> call device_del() when you want to get rid of it. If device_add() has
> not succeeded, use only put_device() to drop the reference count'.
> 
> Found by code review.
> 
> Cc: stable@vger.kernel.org
> Fixes: 8434aa8b6fe5 ("[SCSI] iscsi: break up session creation into two stages")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
>  drivers/scsi/scsi_transport_iscsi.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
> index 9c347c64c315..74333e182612 100644
> --- a/drivers/scsi/scsi_transport_iscsi.c
> +++ b/drivers/scsi/scsi_transport_iscsi.c
> @@ -2114,6 +2114,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id)
>  release_dev:
>  	device_del(&session->dev);
>  release_ida:
> +	put_device(&session->dev);
>  	if (session->ida_used)
>  		ida_free(&iscsi_sess_ida, session->target_id);
>  destroy_wq:

How was this tested?

I do not think this change is correct at all, please prove it by showing
how it was tested.

thanks,


greg k-h

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.