[0/1] mpt3sas: Fix use-after-free warning

Message ID 20220906134908.1039-1-sreekanth.reddy@broadcom.com (mailing list archive)

Sreekanth Reddy Sept. 6, 2022, 1:49 p.m. UTC
Fix the below use-after-free warning, which is observed during
controller reset.
 
[ 1765.313756] ------------[ cut here ]------------
[ 1765.313759] refcount_t: underflow; use-after-free.
[ 1765.313774] WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0
[ 1765.313783] Modules linked in: mpt3sas(OE) joydev uinput snd_seq_dummy snd_hrtimer nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set rfkill nf_tables nfnetlink qrtr vfat fat snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer iTCO_wdt iTCO_vendor_support snd soundcore ses enclosure intel_rapl_msr intel_rapl_common lpc_ich i2c_i801 virtio_balloon i2c_smbus pcspkr xfs libcrc32c sd_mod t10_pi qxl drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec ahci sr_mod libahci cdrom crct10dif_pclmul sg crc32_pclmul crc32c_intel raid_class libata drm ghash_clmulni_intel serio_raw e1000 scsi_transport_sas virtio_console virtio_blk virtio_scsi dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse
[ 1765.313851]  [last unloaded: mpt3sas]
[ 1765.313854] CPU: 23 PID: 5399 Comm: sg_reset Kdump: loaded Tainted: G           OE    --------- ---  5.14.0-70.13.1.rt21.83.el9_0.x86_64 #1
[ 1765.313858] Hardware name: Red Hat KVM/RHEL-AV, BIOS 0.0.0 02/06/2015
[ 1765.313860] RIP: 0010:refcount_warn_saturate+0xa6/0xf0
[ 1765.313863] Code: 05 fd 59 ac 01 01 e8 82 83 53 00 0f 0b c3 80 3d eb 59 ac 01 00 75 95 48 c7 c7 b0 02 38 96 c6 05 db 59 ac 01 01 e8 63 83 53 00 <0f> 0b c3 80 3d ca 59 ac 01 00 0f 85 72 ff ff ff 48 c7 c7 08 03 38
[ 1765.313866] RSP: 0018:ffffa5aa4238fd78 EFLAGS: 00010286
[ 1765.313868] RAX: 0000000000000000 RBX: ffff91c9037fe9a0 RCX: 0000000000000000
[ 1765.313870] RDX: 0000000000000000 RSI: ffffffff9636e23c RDI: 00000000ffffffff
[ 1765.313872] RBP: ffff91c9099b2200 R08: ffffffff96a72740 R09: ffffa5aa4238fd10
[ 1765.313873] R10: 0000000000000001 R11: ffffffffffffffff R12: ffff91c9037fec40
[ 1765.313875] R13: 00000000ffffffff R14: ffff91c9037fec60 R15: ffff91c9099b22b8
[ 1765.313879] FS:  00007fd16c624600(0000) GS:ffff91d05fdc0000(0000) knlGS:0000000000000000
[ 1765.313884] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1765.313886] CR2: 00007fd16c5d78ab CR3: 0000000106228000 CR4: 0000000000350ee0
[ 1765.313887] Call Trace:
[ 1765.313911]  _scsih_fw_event_cleanup_queue+0x1ce/0x200 [mpt3sas]
[ 1765.313936]  mpt3sas_scsih_clear_outstanding_scsi_tm_commands+0xd1/0x140 [mpt3sas]
[ 1765.313955]  mpt3sas_base_hard_reset_handler+0x17f/0x260 [mpt3sas]
[ 1765.313973]  _scsih_host_reset+0x88/0xca [mpt3sas]
[ 1765.313996]  scsi_try_host_reset+0x3a/0xd0
[ 1765.314003]  scsi_ioctl_reset+0x22b/0x290
[ 1765.314006]  scsi_ioctl+0x18/0x60
[ 1765.314011]  blkdev_ioctl+0x13e/0x280
[ 1765.314017]  __x64_sys_ioctl+0x82/0xb0
[ 1765.314021]  do_syscall_64+0x3b/0x90
[ 1765.314026]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1765.314031] RIP: 0033:0x7fd16c45cc0b
[ 1765.314034] Code: 73 01 c3 48 8b 0d 1d 62 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed 61 1b 00 f7 d8 64 89 01 48
[ 1765.314051] RSP: 002b:00007ffeffd46b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1765.314053] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd16c45cc0b
[ 1765.314055] RDX: 00007ffeffd46b74 RSI: 0000000000002284 RDI: 0000000000000003
[ 1765.314056] RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000
[ 1765.314057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeffd46b74
[ 1765.314059] R13: 00007ffeffd48618 R14: 0000557f24af890d R15: 0000557f24afa020
[ 1765.314062] ---[ end trace 0000000000000002 ]---

Sreekanth Reddy (1):
  mpt3sas: Fix use-after-free warning

 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)