From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Sreekanth Reddy <sreekanth.reddy@broadcom.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
sathya.prakash@broadcom.com,
suganath-prabu.subramani@broadcom.com, jejb@linux.ibm.com,
MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 5.19 18/22] scsi: mpt3sas: Fix use-after-free warning
Date: Wed, 14 Sep 2022 05:00:59 -0400 [thread overview]
Message-ID: <20220914090103.470630-18-sashal@kernel.org> (raw)
In-Reply-To: <20220914090103.470630-1-sashal@kernel.org>
From: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
[ Upstream commit 991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34 ]
Fix the following use-after-free warning which is observed during
controller reset:
refcount_t: underflow; use-after-free.
WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0
Link: https://lore.kernel.org/r/20220906134908.1039-2-sreekanth.reddy@broadcom.com
Signed-off-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
index 5e8887fa02c8a..e3b7ebf464244 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
@@ -3670,6 +3670,7 @@ static struct fw_event_work *dequeue_next_fw_event(struct MPT3SAS_ADAPTER *ioc)
fw_event = list_first_entry(&ioc->fw_event_list,
struct fw_event_work, list);
list_del_init(&fw_event->list);
+ fw_event_work_put(fw_event);
}
spin_unlock_irqrestore(&ioc->fw_event_lock, flags);
@@ -3751,7 +3752,6 @@ _scsih_fw_event_cleanup_queue(struct MPT3SAS_ADAPTER *ioc)
if (cancel_work_sync(&fw_event->work))
fw_event_work_put(fw_event);
- fw_event_work_put(fw_event);
}
ioc->fw_events_cleanup = 0;
}
--
2.35.1
next prev parent reply other threads:[~2022-09-14 9:04 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-14 9:00 [PATCH AUTOSEL 5.19 01/22] arm64: dts: juno: Add missing MHU secure-irq Sasha Levin
2022-09-14 9:00 ` Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 02/22] spi: cadence-quadspi: Disable irqs during indirect reads Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 03/22] ASoC: nau8824: Fix semaphore unbalance at error paths Sasha Levin
2022-09-14 9:00 ` Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 04/22] regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 05/22] ASoC: fsl_aud2htx: register platform component before registering cpu dai Sasha Levin
2022-09-14 9:00 ` Sasha Levin
2022-09-14 9:00 ` Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 06/22] ASoC: fsl_aud2htx: Add error handler for pm_runtime_enable Sasha Levin
2022-09-14 9:00 ` Sasha Levin
2022-09-14 9:00 ` Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 07/22] scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 08/22] rxrpc: Fix local destruction being repeated Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 09/22] rxrpc: Fix calc of resend age Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 10/22] wifi: mac80211_hwsim: check length for virtio packets Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 11/22] ALSA: hda/sigmatel: Keep power up while beep is enabled Sasha Levin
2022-09-14 9:00 ` Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 12/22] erofs: avoid the potentially wrong m_plen for big pcluster Sasha Levin
2022-09-14 9:00 ` Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 13/22] ALSA: hda/tegra: Align BDL entry to 4KB boundary Sasha Levin
2022-09-14 9:00 ` Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 14/22] ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() Sasha Levin
2022-09-14 9:00 ` Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 15/22] drm/ttm: update bulk move object of ghost BO Sasha Levin
2022-09-14 9:00 ` Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 16/22] net: usb: qmi_wwan: add Quectel RM520N Sasha Levin
2022-09-14 9:00 ` [PATCH AUTOSEL 5.19 17/22] afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked Sasha Levin
2022-09-14 9:00 ` Sasha Levin [this message]
2022-09-14 9:01 ` [PATCH AUTOSEL 5.19 19/22] MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() Sasha Levin
2022-09-14 9:01 ` [PATCH AUTOSEL 5.19 20/22] drm/amdgpu: prevent toc firmware memory leak Sasha Levin
2022-09-14 9:01 ` Sasha Levin
2022-09-14 9:01 ` Sasha Levin
2022-09-14 9:01 ` [PATCH AUTOSEL 5.19 21/22] drm/panfrost: devfreq: set opp to the recommended one to configure regulator Sasha Levin
2022-09-14 9:01 ` Sasha Levin
2022-09-14 9:01 ` [PATCH AUTOSEL 5.19 22/22] mksysmap: Fix the mismatch of 'L0' symbols in System.map Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220914090103.470630-18-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=MPT-FusionLinux.pdl@broadcom.com \
--cc=jejb@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=sathya.prakash@broadcom.com \
--cc=sreekanth.reddy@broadcom.com \
--cc=stable@vger.kernel.org \
--cc=suganath-prabu.subramani@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.