Hi,
My name is Dongyang Zhan, I am a security researcher.
Currently, I found two bugs in Linux 5.6 drivers/scsi/csiostor/csio_lnode.c.
I hope you can help me to confirm them. Thank you.
The first one is memory leak in drivers/scsi/csiostor/csio_lnode.c
ln->fcfinfo will not be released when csio_ln_fdmi_init() fails.
static int csio_ln_init(struct csio_lnode *ln)
{
...
ln->fcfinfo = kzalloc(sizeof(struct csio_fcf_info),
....
kref_init(&ln->fcfinfo->kref);
if (csio_fdmi_enable && csio_ln_fdmi_init(ln))
goto err; //ln->fcfinfo will not be released.
...
err:
return rv;
}
This function is invoked by csio_lnode_init(), and the error code will
be passed to
csio_shost_init() (drivers/scsi/csiostor/csio_init.c), but
csio_shost_init() also does not release ln->fcfinfo.
The second bug is in drivers/scsi/csiostor/csio_lnode.c, csio_handle_link_up().
I think the code is wrongly written.
if (ln->vnp_flowid != CSIO_INVALID_IDX) {
/* New VN-Port */
spin_unlock_irq(&hw->lock);
csio_lnode_alloc(hw); // this line should be ln=csio_lnode_alloc(hw);
spin_lock_irq(&hw->lock);
if (!ln) {
csio_err(hw,
"failed to allocate fcoe lnode"
"for port:%d vnpi:x%x\n",
portid, vnpi);
CSIO_DB_ASSERT(0);
return;
}
ln->portid = portid;
}
