From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Sreekanth Reddy <sreekanth.reddy@broadcom.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
sathya.prakash@broadcom.com,
suganath-prabu.subramani@broadcom.com, jejb@linux.ibm.com,
MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 10/12] scsi: mpt3sas: Fix use-after-free warning
Date: Wed, 14 Sep 2022 05:04:03 -0400 [thread overview]
Message-ID: <20220914090407.471328-10-sashal@kernel.org> (raw)
In-Reply-To: <20220914090407.471328-1-sashal@kernel.org>
From: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
[ Upstream commit 991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34 ]
Fix the following use-after-free warning which is observed during
controller reset:
refcount_t: underflow; use-after-free.
WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0
Link: https://lore.kernel.org/r/20220906134908.1039-2-sreekanth.reddy@broadcom.com
Signed-off-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
index 97c1f242ef0a3..044a00edb5459 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
@@ -3238,6 +3238,7 @@ static struct fw_event_work *dequeue_next_fw_event(struct MPT3SAS_ADAPTER *ioc)
fw_event = list_first_entry(&ioc->fw_event_list,
struct fw_event_work, list);
list_del_init(&fw_event->list);
+ fw_event_work_put(fw_event);
}
spin_unlock_irqrestore(&ioc->fw_event_lock, flags);
@@ -3272,7 +3273,6 @@ _scsih_fw_event_cleanup_queue(struct MPT3SAS_ADAPTER *ioc)
if (cancel_work_sync(&fw_event->work))
fw_event_work_put(fw_event);
- fw_event_work_put(fw_event);
}
}
--
2.35.1
next prev parent reply other threads:[~2022-09-14 9:12 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-14 9:03 [PATCH AUTOSEL 5.4 01/12] ASoC: nau8824: Fix semaphore unbalance at error paths Sasha Levin
2022-09-14 9:03 ` Sasha Levin
2022-09-14 9:03 ` [PATCH AUTOSEL 5.4 02/12] regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() Sasha Levin
2022-09-14 9:03 ` [PATCH AUTOSEL 5.4 03/12] rxrpc: Fix local destruction being repeated Sasha Levin
2022-09-14 9:03 ` [PATCH AUTOSEL 5.4 04/12] rxrpc: Fix calc of resend age Sasha Levin
2022-09-14 9:03 ` [PATCH AUTOSEL 5.4 05/12] ALSA: hda/sigmatel: Keep power up while beep is enabled Sasha Levin
2022-09-14 9:03 ` Sasha Levin
2022-09-14 9:03 ` [PATCH AUTOSEL 5.4 06/12] ALSA: hda/tegra: Align BDL entry to 4KB boundary Sasha Levin
2022-09-14 9:03 ` Sasha Levin
2022-09-14 9:04 ` [PATCH AUTOSEL 5.4 07/12] ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() Sasha Levin
2022-09-14 9:04 ` Sasha Levin
2022-09-14 9:04 ` [PATCH AUTOSEL 5.4 08/12] net: usb: qmi_wwan: add Quectel RM520N Sasha Levin
2022-09-14 9:04 ` [PATCH AUTOSEL 5.4 09/12] afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked Sasha Levin
2022-09-14 9:04 ` Sasha Levin [this message]
2022-09-14 9:04 ` [PATCH AUTOSEL 5.4 11/12] MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() Sasha Levin
2022-09-14 9:04 ` [PATCH AUTOSEL 5.4 12/12] mksysmap: Fix the mismatch of 'L0' symbols in System.map Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220914090407.471328-10-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=MPT-FusionLinux.pdl@broadcom.com \
--cc=jejb@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=sathya.prakash@broadcom.com \
--cc=sreekanth.reddy@broadcom.com \
--cc=stable@vger.kernel.org \
--cc=suganath-prabu.subramani@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.