| Message ID | 20190124052542.12167-1-ming.lu.mlu@gmail.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 5d8fc4a9f0eec20b6c07895022a6bea3fb6dfb38 |
| Headers | show |
| Series | libfc free skb when receiving invalid flogi resp | expand |
On 1/24/19 6:25 AM, ming.lu.mlu@gmail.com wrote: > From: Ming Lu <ming.lu@citrix.com> > > The issue to be fixed in this commit is when libfc found it received a > invalid FLOGI response from FC switch, it would return without freeing > the fc frame, which is just the skb data. This would cause memory leak > if FC switch keeps sending invalid FLOGI responses. > > This fix is just to make it execute `fc_frame_free(fp)` before returning > from function `fc_lport_flogi_resp`. > > Signed-off-by: Ming Lu <ming.lu@citrix.com> > --- > drivers/scsi/libfc/fc_lport.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c > index be83590ed955..ff943f477d6f 100644 > --- a/drivers/scsi/libfc/fc_lport.c > +++ b/drivers/scsi/libfc/fc_lport.c > @@ -1726,14 +1726,14 @@ void fc_lport_flogi_resp(struct fc_seq *sp, struct fc_frame *fp, > fc_frame_payload_op(fp) != ELS_LS_ACC) { > FC_LPORT_DBG(lport, "FLOGI not accepted or bad response\n"); > fc_lport_error(lport, fp); > - goto err; > + goto out; > } > > flp = fc_frame_payload_get(fp, sizeof(*flp)); > if (!flp) { > FC_LPORT_DBG(lport, "FLOGI bad response\n"); > fc_lport_error(lport, fp); > - goto err; > + goto out; > } > > mfs = ntohs(flp->fl_csp.sp_bb_data) & > @@ -1743,7 +1743,7 @@ void fc_lport_flogi_resp(struct fc_seq *sp, struct fc_frame *fp, > FC_LPORT_DBG(lport, "FLOGI bad mfs:%hu response, " > "lport->mfs:%hu\n", mfs, lport->mfs); > fc_lport_error(lport, fp); > - goto err; > + goto out; > } > > if (mfs <= lport->mfs) { > Reviewed-by: Hannes Reinecke <hare@suse.com> Cheers, Hannes
Ming, > The issue to be fixed in this commit is when libfc found it received a > invalid FLOGI response from FC switch, it would return without freeing > the fc frame, which is just the skb data. This would cause memory leak > if FC switch keeps sending invalid FLOGI responses. Applied to 5.0/scsi-fixes, thank you!
diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c index be83590ed955..ff943f477d6f 100644 --- a/drivers/scsi/libfc/fc_lport.c +++ b/drivers/scsi/libfc/fc_lport.c @@ -1726,14 +1726,14 @@ void fc_lport_flogi_resp(struct fc_seq *sp, struct fc_frame *fp, fc_frame_payload_op(fp) != ELS_LS_ACC) { FC_LPORT_DBG(lport, "FLOGI not accepted or bad response\n"); fc_lport_error(lport, fp); - goto err; + goto out; } flp = fc_frame_payload_get(fp, sizeof(*flp)); if (!flp) { FC_LPORT_DBG(lport, "FLOGI bad response\n"); fc_lport_error(lport, fp); - goto err; + goto out; } mfs = ntohs(flp->fl_csp.sp_bb_data) & @@ -1743,7 +1743,7 @@ void fc_lport_flogi_resp(struct fc_seq *sp, struct fc_frame *fp, FC_LPORT_DBG(lport, "FLOGI bad mfs:%hu response, " "lport->mfs:%hu\n", mfs, lport->mfs); fc_lport_error(lport, fp); - goto err; + goto out; } if (mfs <= lport->mfs) {