From patchwork Tue Sep 6 13:49:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sreekanth Reddy X-Patchwork-Id: 12967522 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4CAC0ECAAA1 for ; Tue, 6 Sep 2022 13:44:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233325AbiIFNov (ORCPT ); Tue, 6 Sep 2022 09:44:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53236 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238737AbiIFNnb (ORCPT ); Tue, 6 Sep 2022 09:43:31 -0400 Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 724807EFD5 for ; Tue, 6 Sep 2022 06:38:04 -0700 (PDT) Received: by mail-pf1-x42a.google.com with SMTP id c198so1533947pfc.13 for ; Tue, 06 Sep 2022 06:38:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date; bh=48xR+Te4j3PlRH2UTM+0AemQxLblQ/wg0HrKcq2aWPQ=; b=WA92gxrdIvyooE+Pu70IUTdajK+Nd+QgQ+gfnmvFjECD9ssvQf9AgNTElAbwcEpdXH yDAj70TyWN3aqe+r/PQtj8l6s6+CuBc+Pt1heGuhWsFwxVZbaFJiuC/2whK2IWsefk4h 5yazE5L9NcnTRSlbenTPnLE6DKZuzjjl56J2g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-gm-message-state:from:to:cc:subject:date; bh=48xR+Te4j3PlRH2UTM+0AemQxLblQ/wg0HrKcq2aWPQ=; b=6KBdZU0qunpdFBSD56TDTGL6wW4l50ZAa9cYZun0r4/Ddd4kTYlXx+ThwK1ke5bGX4 QfIFHAANC7nPKCU5lu361ALVe+IzfUaW2N9Cb8bS06a+Ion6T4zPS/Wl2o7wckkixGDz CA2O1ub7fqy1KCSNVEJss9nSw3hI6dqdEmGxHaWQWmt6XdDjhB8fA/vZunm96m2m47S6 xqlJrMfm8CMscCgi7EADI2TtMJQAnPiZaxH4NpkR285sMsJJPhJgGwLi9/WnWGpSFcqa xWQl1p2J52ud+kADPgJG1CJHGQ/0ceko3EuL7y8nCjrXWFsx3QncNOjYSGey9CWHjWkk oj/w== X-Gm-Message-State: ACgBeo2CWDxKLs/wTzRIGMLipX43qvpu7kGB3goW9YCZl0lIHrJeBot3 yaOPZWyoZWtKBLwHRSNsY8jiLbLbwPqChnfXvRV9TFbWZgLdWseZySsX0A4MGMmvsutiRB6i23f Xot387wa9YeE0kfTGBqr6CNWiYWZL/zTybN+sSar7NpMJ7jAaY9kcKr8CdsIPckomio3R/D94yE zkIH5Wfv4y X-Google-Smtp-Source: AA6agR4ugp3djj5HH9bcD4oTWDzURqtuLFE0hoC+h2vv012RTxkGgBr5GXckq+WWc2OJhhtoQBFMow== X-Received: by 2002:a05:6a00:4ac3:b0:53e:5683:49c with SMTP id ds3-20020a056a004ac300b0053e5683049cmr615928pfb.41.1662471412106; Tue, 06 Sep 2022 06:36:52 -0700 (PDT) Received: from dhcp-10-123-20-36.dhcp.broadcom.net ([192.19.234.250]) by smtp.gmail.com with ESMTPSA id d6-20020a170902654600b00172dc6e1916sm4890750pln.220.2022.09.06.06.36.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Sep 2022 06:36:51 -0700 (PDT) From: Sreekanth Reddy To: linux-scsi@vger.kernel.org Cc: martin.petersen@oracle.com, thenzl@redhat.com, Sreekanth Reddy Subject: [PATCH 1/1] mpt3sas: Fix use-after-free warning Date: Tue, 6 Sep 2022 19:19:08 +0530 Message-Id: <20220906134908.1039-2-sreekanth.reddy@broadcom.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20220906134908.1039-1-sreekanth.reddy@broadcom.com> References: <20220906134908.1039-1-sreekanth.reddy@broadcom.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Fix below use-after-free warning which is observed during controller reset. refcount_t: underflow; use-after-free. WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0 Signed-off-by: Sreekanth Reddy --- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c index 3507e2ace903..1ca26851260e 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c +++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c @@ -3670,6 +3670,7 @@ static struct fw_event_work *dequeue_next_fw_event(struct MPT3SAS_ADAPTER *ioc) fw_event = list_first_entry(&ioc->fw_event_list, struct fw_event_work, list); list_del_init(&fw_event->list); + fw_event_work_put(fw_event); } spin_unlock_irqrestore(&ioc->fw_event_lock, flags); @@ -3751,7 +3752,6 @@ _scsih_fw_event_cleanup_queue(struct MPT3SAS_ADAPTER *ioc) if (cancel_work_sync(&fw_event->work)) fw_event_work_put(fw_event); - fw_event_work_put(fw_event); } ioc->fw_events_cleanup = 0; }