Hi, On Mon, May 25, 2020 at 10:16:24PM +0800, Xiyu Yang wrote: > In order to create or activate a new node, lpfc_els_unsol_buffer() > invokes lpfc_nlp_init() or lpfc_enable_node() or lpfc_nlp_get(), all of > them will return a reference of the specified lpfc_nodelist object to > "ndlp" with increased refcnt. lpfc_enable_node() is not changing the refcnt. > When lpfc_els_unsol_buffer() returns, local variable "ndlp" becomes > invalid, so the refcount should be decreased to keep refcount balanced. > > The reference counting issue happens in one exception handling path of > lpfc_els_unsol_buffer(). When "ndlp" in DEV_LOSS, the function forgets > to decrease the refcnt increased by lpfc_nlp_init() or > lpfc_enable_node() or lpfc_nlp_get(), causing a refcnt leak. > > Fix this issue by calling lpfc_nlp_put() when "ndlp" in DEV_LOSS. This sounds reasonable. At least the lpfc_nlp_init() and lpfc_nlp_get() case needs this. And I suppose this is also ok for the lfpc_enable_node(). Reviewed-by: Daniel Wagner <dwagner@xxxxxxx> Thanks, Daniel
