| Message ID | 20180905135347.138195-4-hare@suse.de (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | qedf: fixup NULL pointer reference in fc_lookup_rport() | expand |
diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c index dd64236ef4c4..3407a05e898b 100644 --- a/drivers/scsi/qedf/qedf_main.c +++ b/drivers/scsi/qedf/qedf_main.c @@ -908,8 +908,10 @@ static int qedf_xmit(struct fc_lport *lport, struct fc_frame *fp) "Dropping FCoE frame to %06x.\n", ntoh24(fh->fh_d_id)); kfree_skb(skb); rdata = fc_rport_lookup(lport, ntoh24(fh->fh_d_id)); - if (rdata) + if (rdata) { rdata->retries = lport->max_rport_retry_count; + kref_put(&rdata->kref, fc_rport_destroy); + } return -EINVAL; } /* End NPIV filtering */
qedf_xmit() calls fc_rport_lookup(), but discards the returned rdata structure almost immediately without decreasing the refcount. This leads to a refcount leak and the rdata never to be freed. Signed-off-by: Hannes Reinecke <hare@suse.com> --- drivers/scsi/qedf/qedf_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)