From patchwork Tue Feb 28 14:08:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ranjan Kumar X-Patchwork-Id: 13154950 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6709FC7EE31 for ; Tue, 28 Feb 2023 14:09:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229827AbjB1OJR (ORCPT ); Tue, 28 Feb 2023 09:09:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39628 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229822AbjB1OJL (ORCPT ); Tue, 28 Feb 2023 09:09:11 -0500 Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com [IPv6:2607:f8b0:4864:20::62e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 66F1F13511 for ; Tue, 28 Feb 2023 06:09:10 -0800 (PST) Received: by mail-pl1-x62e.google.com with SMTP id u5so7153925plq.7 for ; Tue, 28 Feb 2023 06:09:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=FERgD2iKz0+gFchnxeePritW76LxjZ46d/ToQONGRiA=; b=hubb/lQSMfxufh26WuY0C4rE0a4sAtOo48lvKethloi0qR2jckwF5kcypxlcoTzWAW quVdP9i//Zvm94qFT1d/idArzTcinO+i19/1Jva7gBErikvqHm9FPM7CL8llOVyRrqJb vqvqoHMocs+2m3Pd1qF/4ZPeVTbRO2OE7mbWk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=FERgD2iKz0+gFchnxeePritW76LxjZ46d/ToQONGRiA=; b=XO/SPVnimqKZkfHREYbPFz0QfvrQA+N+PlsytJI8ZvnfiNSJTVyKYzyOrkZPuM44o5 I3Bois5g0GUUZqoTI1f/LATGl2V4lW5fooozH3L8cteg0w3NDv4v0kPX8baQXaucmb2x Xk9J7Jf/FSZEB+S/lTuMGShhz5SYm1Z67Juv0xMOerFw2Q6lWblM9RIHTKvmAFAu2ZnJ cQsVqjiK3sa/zv+ZwxlsBoFyvCTcE7IJrUSSebXdEdKnQoBIzLgcG17PQEV3RQvuO9uB ABVTLkHuWOMxlAmFM0yYHbzsT61CxRrB78HVlC2gKG8Dt6VTzr7kgCCCFA+GA2DsJHgC 2JqQ== X-Gm-Message-State: AO0yUKXETEmfTZ7MCYYny9FnhNZO5m2KtArGJonUT7xePwE+2cfgEeT+ xOV45RSldL/8gGVjbLfhbcD39J1kGZ6o4Hlw3zW3fctxSaLMOIf3s3+F9BPUR+1sxpNuXiRWi2f n/f6VS5/bk5K2uZgYuYek4tBsYHwjoBvb/vOhi/jyByE5myU9ya2iwV9hiI5AVSs16mMQzgDnYK vKIphv4Ew= X-Google-Smtp-Source: AK7set+DR3Y1GluEqS4g1ocTwW91bNwNNn97AmrOaKygUfxr//xLE+U1yKtgiE/nHC+j7xdEijXCgw== X-Received: by 2002:a17:902:be16:b0:199:190c:3c0a with SMTP id r22-20020a170902be1600b00199190c3c0amr2505269pls.31.1677593349844; Tue, 28 Feb 2023 06:09:09 -0800 (PST) Received: from localhost.localdomain ([192.19.234.250]) by smtp.gmail.com with ESMTPSA id ji1-20020a170903324100b00198e03c3ad4sm6625465plb.278.2023.02.28.06.09.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Feb 2023 06:09:09 -0800 (PST) From: Ranjan Kumar To: linux-scsi@vger.kernel.org, martin.petersen@oracle.com Cc: rajsekhar.chundru@broadcom.com, sathya.prakash@broadcom.com, sumit.saxena@broadcom.com, Ranjan Kumar , Sreekanth Reddy Subject: [PATCH 6/6] mpi3mr: Bad drive in topology results kernel crash Date: Tue, 28 Feb 2023 06:08:35 -0800 Message-Id: <20230228140835.4075-7-ranjan.kumar@broadcom.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20230228140835.4075-1-ranjan.kumar@broadcom.com> References: <20230228140835.4075-1-ranjan.kumar@broadcom.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org When the SAS Transport Layer support is enabled and when a device exposed to the OS by the driver failed Inquiry commands then the driver frees up the memory allocated for an internal HBA port data structure. However, in some places, the reference to the freed memory is not cleared.When the firmware sends the Device Info change event for the same device again,then the freed memory is accessed and that leads to memory corruption and OS crash. Signed-off-by: Ranjan Kumar Signed-off-by: Sreekanth Reddy --- drivers/scsi/mpi3mr/mpi3mr_transport.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr_transport.c b/drivers/scsi/mpi3mr/mpi3mr_transport.c index 584daf8a3ac9..1869e45e04d4 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_transport.c +++ b/drivers/scsi/mpi3mr/mpi3mr_transport.c @@ -2358,15 +2358,16 @@ int mpi3mr_report_tgtdev_to_sas_transport(struct mpi3mr_ioc *mrioc, tgtdev->host_exposed = 1; if (!mpi3mr_sas_port_add(mrioc, tgtdev->dev_handle, sas_address_parent, hba_port)) { - tgtdev->host_exposed = 0; retval = -1; - } else if ((!tgtdev->starget)) { - if (!mrioc->is_driver_loading) + } else if ((!tgtdev->starget) && (!mrioc->is_driver_loading)) { mpi3mr_sas_port_remove(mrioc, sas_address, sas_address_parent, hba_port); - tgtdev->host_exposed = 0; retval = -1; } + if (retval) { + tgtdev->dev_spec.sas_sata_inf.hba_port = NULL; + tgtdev->host_exposed = 0; + } return retval; } @@ -2395,6 +2396,7 @@ void mpi3mr_remove_tgtdev_from_sas_transport(struct mpi3mr_ioc *mrioc, mpi3mr_sas_port_remove(mrioc, sas_address, sas_address_parent, hba_port); tgtdev->host_exposed = 0; + tgtdev->dev_spec.sas_sata_inf.hba_port = NULL; } /** @@ -2451,7 +2453,7 @@ static u8 mpi3mr_get_port_id_by_rphy(struct mpi3mr_ioc *mrioc, struct sas_rphy * tgtdev = __mpi3mr_get_tgtdev_by_addr_and_rphy(mrioc, rphy->identify.sas_address, rphy); - if (tgtdev) { + if (tgtdev && tgtdev->dev_spec.sas_sata_inf.hba_port) { port_id = tgtdev->dev_spec.sas_sata_inf.hba_port->port_id; mpi3mr_tgtdev_put(tgtdev);