From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Damien Le Moal <damien.lemoal@wdc.com>,
Johannes Thumshirn <johannes.thumshirn@wdc.com>,
Sreekanth Reddy <sreekanth.reddy@broadcom.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 09/18] scsi: mpt3sas: Fix unlock imbalance
Date: Tue, 14 Jul 2020 10:39:05 -0400
Message-ID: <20200714143914.4035489-9-sashal@kernel.org>
In-Reply-To: <20200714143914.4035489-1-sashal@kernel.org>

From: Damien Le Moal <damien.lemoal@wdc.com>

[ Upstream commit cb551b8dc079d2ef189145782627c99cb68c0255 ]

In BRM_status_show(), if the condition "!ioc->is_warpdrive" tested on entry
to the function is true, a "goto out" is called. This results in unlocking
ioc->pci_access_mutex without this mutex lock being taken. This generates
the following splat:
[ 1148.539883] mpt3sas_cm2: BRM_status_show: BRM attribute is only for warpdrive
[ 1148.547184]
[ 1148.548708] =====================================
[ 1148.553501] WARNING: bad unlock balance detected!
[ 1148.558277] 5.8.0-rc3+ #827 Not tainted
[ 1148.562183] -------------------------------------
[ 1148.566959] cat/5008 is trying to release lock (&ioc->pci_access_mutex) at:
[ 1148.574035] [<ffffffffc070b7a3>] BRM_status_show+0xd3/0x100 [mpt3sas]
[ 1148.580574] but there are no more locks to release!
[ 1148.585524]
[ 1148.585524] other info that might help us debug this:
[ 1148.599624] 3 locks held by cat/5008:
[ 1148.607085] #0: ffff92aea3e392c0 (&p->lock){+.+.}-{3:3}, at: seq_read+0x34/0x480
[ 1148.618509] #1: ffff922ef14c4888 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x2a/0xb0
[ 1148.630729] #2: ffff92aedb5d7310 (kn->active#224){.+.+}-{0:0}, at: kernfs_seq_start+0x32/0xb0
[ 1148.643347]
[ 1148.643347] stack backtrace:
[ 1148.655259] CPU: 73 PID: 5008 Comm: cat Not tainted 5.8.0-rc3+ #827
[ 1148.665309] Hardware name: HGST H4060-S/S2600STB, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019
[ 1148.678394] Call Trace:
[ 1148.684750] dump_stack+0x78/0xa0
[ 1148.691802] lock_release.cold+0x45/0x4a
[ 1148.699451] __mutex_unlock_slowpath+0x35/0x270
[ 1148.707675] BRM_status_show+0xd3/0x100 [mpt3sas]
[ 1148.716092] dev_attr_show+0x19/0x40
[ 1148.723664] sysfs_kf_seq_show+0x87/0x100
[ 1148.731193] seq_read+0xbc/0x480
[ 1148.737882] vfs_read+0xa0/0x160
[ 1148.744514] ksys_read+0x58/0xd0
[ 1148.751129] do_syscall_64+0x4c/0xa0
[ 1148.757941] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1148.766240] RIP: 0033:0x7f1230566542
[ 1148.772957] Code: Bad RIP value.
[ 1148.779206] RSP: 002b:00007ffeac1bcac8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1148.790063] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f1230566542
[ 1148.800284] RDX: 0000000000020000 RSI: 00007f1223460000 RDI: 0000000000000003
[ 1148.810474] RBP: 00007f1223460000 R08: 00007f122345f010 R09: 0000000000000000
[ 1148.820641] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000000
[ 1148.830728] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000
Fix this by returning immediately instead of jumping to the out label.

Link: https://lore.kernel.org/r/20200701085254.51740-1-damien.lemoal@wdc.com
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Acked-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/mpt3sas/mpt3sas_ctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c
index b95f7d062ea44..82c4ecc16f191 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c
@@ -2921,7 +2921,7 @@ BRM_status_show(struct device *cdev, struct device_attribute *attr,
if (!ioc->is_warpdrive) {
ioc_err(ioc, "%s: BRM attribute is only for warpdrive\n",
__func__);
- goto out;
+ return 0;
}
/* pci_access_mutex lock acquired by sysfs show path */
mutex_lock(&ioc->pci_access_mutex);
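Review bot: the new "return 0;" in the "!ioc->is_warpdrive" branch reports success with zero bytes immediately after ioc_err() has logged an error, so a process reading this sysfs attribute cannot tell "attribute not supported on this adapter" from an empty value. Consider returning a negative errno there (for example -EINVAL) so the failure is visible to the caller as well as in the log. The early return itself is the right shape for the unlock imbalance, since mutex_lock(&ioc->pci_access_mutex) is only taken after this check; it is worth confirming that no other path can reach the out label before that mutex_lock() call.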
--
2.25.1