From patchwork Wed Sep 7 07:36:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sreekanth Reddy X-Patchwork-Id: 606129 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 209D2ECAAD3 for ; Wed, 7 Sep 2022 07:24:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229765AbiIGHY5 (ORCPT ); Wed, 7 Sep 2022 03:24:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50236 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229830AbiIGHYj (ORCPT ); Wed, 7 Sep 2022 03:24:39 -0400 Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 872D5A2D91 for ; Wed, 7 Sep 2022 00:23:56 -0700 (PDT) Received: by mail-pl1-x62a.google.com with SMTP id f24so13661233plr.1 for ; Wed, 07 Sep 2022 00:23:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date; bh=CF5y0hU1XM1kAKwhyIVp2nwNhuq3VAuZyR7l8wncyRM=; b=OL5isDSeL7Gr2VHS1Md4iEzlak0TKt3//75r2RaXzrwhLtcuVy1VlzJWAhKf8br54r SpCJGoE8FaReVQICFukSyZ3R4PrR4S3pkdGI9kXEpS+cRX7AzCB5+yl5KL/d2WfRRnzn NIxDre44RuVT4/z0O1GPWcryaIiHvlZTGX9Ko= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-gm-message-state:from:to:cc:subject:date; bh=CF5y0hU1XM1kAKwhyIVp2nwNhuq3VAuZyR7l8wncyRM=; b=UUctOngRUxSGecPphxiV+4sKscXTb04lshTDsdNHnYYYb6mFS/Qc9we07Gu+0UR3pz cZgjLrzNb6VwpIU3ZB1P8TE95LyVc4HRQv4nQ95m3Bs6nQPaNzZbKqxaoh9oRbw5+2ge eH+BzHi+DrjLTr5Ohk9/BoGIUYeC1Ty9D6bMQ6TEM/5ufovLopzDV0NM7qJj452cxMM0 3oZEWuGKA1kzfZzZoCjHD6Ze0ZukHdodvI+et5LStmnWxyk1aEr63IdANtc+zwbZKSIO MOwmsmwcyKD5TDuvCc6Pm35EuVoi4dA0RZkABfd0/qcoMrnix/hbCfcqKvLujTuJBYj+ 11Zg== X-Gm-Message-State: ACgBeo2yrbbPclAuXItCFIxm6KjvFQ7fUoeAvwHoinNPo7FNEKoyzrtk dkmT8F3p6uM/UlDy+dAFIKbd1GYuQAhL3YmGs8wrVVoRr3YhVcX1c/4QZfSkocSzS4sTCi6lrvh u6DD/7XtqMdT5BBx6ARMKI4menkp/W7r7SXIdQH76ZgwA0Uv9uGEwB4tv9zp6yj6MLZwfncBjgh LSPjqoU9RH X-Google-Smtp-Source: AA6agR5YbelFjL5OX+pZU0H/930JvJRYwtM6lTg2OpAilSqavMigBDiSKhyIQcUg7E0om2AFHLQfug== X-Received: by 2002:a17:90a:2d8f:b0:200:6efc:ac1e with SMTP id p15-20020a17090a2d8f00b002006efcac1emr2521849pjd.225.1662535435574; Wed, 07 Sep 2022 00:23:55 -0700 (PDT) Received: from dhcp-10-123-20-36.dhcp.broadcom.net ([192.19.234.250]) by smtp.gmail.com with ESMTPSA id v1-20020a1709029a0100b00176c891c893sm3907771plp.131.2022.09.07.00.23.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Sep 2022 00:23:55 -0700 (PDT) From: Sreekanth Reddy To: linux-scsi@vger.kernel.org Cc: martin.petersen@oracle.com, thenzl@redhat.com, Sreekanth Reddy Subject: [PATCH 1/1] mpt3sas: Fix use-after-free warning Date: Wed, 7 Sep 2022 13:06:08 +0530 Message-Id: <20220907073608.12811-2-sreekanth.reddy@broadcom.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20220907073608.12811-1-sreekanth.reddy@broadcom.com> References: <20220907073608.12811-1-sreekanth.reddy@broadcom.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Fix below use-after-free warning which is observed during controller reset. refcount_t: underflow; use-after-free. WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0 Signed-off-by: Sreekanth Reddy --- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c index 3507e2ace903..1ca26851260e 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c +++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c @@ -3670,6 +3670,7 @@ static struct fw_event_work *dequeue_next_fw_event(struct MPT3SAS_ADAPTER *ioc) fw_event = list_first_entry(&ioc->fw_event_list, struct fw_event_work, list); list_del_init(&fw_event->list); + fw_event_work_put(fw_event); } spin_unlock_irqrestore(&ioc->fw_event_lock, flags); @@ -3751,7 +3752,6 @@ _scsih_fw_event_cleanup_queue(struct MPT3SAS_ADAPTER *ioc) if (cancel_work_sync(&fw_event->work)) fw_event_work_put(fw_event); - fw_event_work_put(fw_event); } ioc->fw_events_cleanup = 0; }