Potential Memory Leak Bug and Wrongly Written Code in drivers/scsi/csiostor

Hi,
My name is Dongyang Zhan, and I am a security researcher.
I recently found two bugs in Linux 5.6, in drivers/scsi/csiostor/csio_lnode.c.
I hope you can help me confirm them. Thank you.
The first one is a memory leak in drivers/scsi/csiostor/csio_lnode.c:
ln->fcfinfo is not released when csio_ln_fdmi_init() fails.

static int csio_ln_init(struct csio_lnode *ln)
{
	...
	ln->fcfinfo = kzalloc(sizeof(struct csio_fcf_info),
	....
	kref_init(&ln->fcfinfo->kref);
	if (csio_fdmi_enable && csio_ln_fdmi_init(ln))
		goto err;	/* ln->fcfinfo will not be released. */
	...
err:
	return rv;
}
This function is invoked by csio_lnode_init(), and the error code is passed
on to csio_shost_init() (drivers/scsi/csiostor/csio_init.c), but
csio_shost_init() does not release ln->fcfinfo either.

The second bug is in drivers/scsi/csiostor/csio_lnode.c, in csio_handle_link_up().
I think the code is written incorrectly.

if (ln->vnp_flowid != CSIO_INVALID_IDX) {
	/* New VN-Port */
	spin_unlock_irq(&hw->lock);
	csio_lnode_alloc(hw);	/* this line should be: ln = csio_lnode_alloc(hw); */
	spin_lock_irq(&hw->lock);
	if (!ln) {
		csio_err(hw,
			 "failed to allocate fcoe lnode"
			 "for port:%d vnpi:x%x\n",
			 portid, vnpi);
		CSIO_DB_ASSERT(0);
		return;
	}
	ln->portid = portid;
}
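
The two patterns behind the reports above, as an added illustration that is not part of the original message or of the csiostor driver: a counting allocator stands in for kzalloc()/kfree() so the error-path leak from the first report can be measured, the leaky init is shown next to a goto-unwinding fix, and the discarded return value from the second report is shown with a warn_unused_result attribute so the compiler catches the bare call. All names (kzalloc_stub, fdmi_init_stub, lnode_alloc_stub, struct hw, struct lnode) are stand-ins chosen for this example.

```c
#include <errno.h>
#include <stdlib.h>

/* Added illustration, not csiostor code: a counting allocator stands in
 * for kzalloc/kfree so the leak from the report becomes observable. */
static int live_allocs;

static void *kzalloc_stub(size_t n)
{
	void *p = calloc(1, n);
	if (p)
		live_allocs++;
	return p;
}

static void kfree_stub(void *p)
{
	if (p)
		live_allocs--;
	free(p);
}

struct fcf_info { int refcnt; };			/* stand-in for struct csio_fcf_info */
struct lnode { struct fcf_info *fcfinfo; };	/* stand-in for struct csio_lnode */

/* Hypothetical second-stage init in the role of csio_ln_fdmi_init(). */
static int fdmi_init_stub(struct lnode *ln, int should_fail)
{
	(void)ln;	/* the stand-in does not touch the node */
	return should_fail ? -ENOMEM : 0;
}

/* Reported shape: a bare err label, so fcfinfo is never released on failure. */
static int ln_init_leaky(struct lnode *ln, int fail_fdmi)
{
	int rv = -ENOMEM;
	ln->fcfinfo = kzalloc_stub(sizeof(*ln->fcfinfo));
	if (!ln->fcfinfo)
		goto err;
	ln->fcfinfo->refcnt = 1;
	if (fdmi_init_stub(ln, fail_fdmi))
		goto err;		/* fcfinfo leaks here */
	return 0;
err:
	return rv;
}

/* Fixed shape: one label per acquired resource, unwound in reverse order,
 * and the pointer cleared so a caller cannot use or double-free it. */
static int ln_init_fixed(struct lnode *ln, int fail_fdmi)
{
	int rv;
	ln->fcfinfo = kzalloc_stub(sizeof(*ln->fcfinfo));
	if (!ln->fcfinfo)
		return -ENOMEM;
	ln->fcfinfo->refcnt = 1;
	rv = fdmi_init_stub(ln, fail_fdmi);
	if (rv)
		goto err_free_fcf;
	return 0;
err_free_fcf:
	kfree_stub(ln->fcfinfo);
	ln->fcfinfo = NULL;
	return rv;
}

/* Drive one init to failure; report how many allocations are still live. */
static int leaked_after_failed_init(int (*init)(struct lnode *, int))
{
	struct lnode ln = { 0 };
	live_allocs = 0;
	if (init(&ln, 1) == 0)
		return -1;	/* the stub was supposed to fail */
	return live_allocs;
}

/* Second report: a discarded return value. warn_unused_result turns the
 * bare `lnode_alloc_stub(hw);` form into a compiler warning. */
struct hw { int lnodes; };

__attribute__((warn_unused_result))
static struct lnode *lnode_alloc_stub(struct hw *hw)
{
	struct lnode *ln = kzalloc_stub(sizeof(*ln));
	if (ln)
		hw->lnodes++;
	return ln;
}

/* Corrected VN-Port branch: the result is assigned, then checked. */
static int link_up_allocs_new_lnode(void)
{
	struct hw hw = { 0 };
	struct lnode *ln = lnode_alloc_stub(&hw);
	if (!ln)
		return 0;
	kfree_stub(ln);
	return hw.lnodes;	/* 1 when the new lnode was created */
}
```

Running leaked_after_failed_init() over ln_init_leaky leaves one live allocation, while ln_init_fixed leaves none; the same cumulative-label unwinding (err_free_fcf, then any later labels in reverse acquisition order) is the usual way kernel init paths avoid this class of leak. Building with -Wall also flags any call site that drops the result of a warn_unused_result function, which is exactly the shape of the second report.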
