From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 10 Sep 2022 06:37:14 +0000 (+0200)
Subject: 4.19-stable patches
X-Git-Tag: v5.19.9~55
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e65afb2791a1f6dfca9301f41851ed9aaa4ef0ae;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	scsi-mpt3sas-fix-use-after-free-warning.patch
---

diff --git a/queue-4.19/scsi-mpt3sas-fix-use-after-free-warning.patch b/queue-4.19/scsi-mpt3sas-fix-use-after-free-warning.patch
new file mode 100644
index 00000000000..3b43bb8165d
--- /dev/null
+++ b/queue-4.19/scsi-mpt3sas-fix-use-after-free-warning.patch
@@ -0,0 +1,41 @@
+From 991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34 Mon Sep 17 00:00:00 2001
+From: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
+Date: Tue, 6 Sep 2022 19:19:08 +0530
+Subject: scsi: mpt3sas: Fix use-after-free warning
+
+From: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
+
+commit 991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34 upstream.
+
+Fix the following use-after-free warning which is observed during
+controller reset:
+
+refcount_t: underflow; use-after-free.
+WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0
+
+Link: https://lore.kernel.org/r/20220906134908.1039-2-sreekanth.reddy@broadcom.com
+Signed-off-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/mpt3sas/mpt3sas_scsih.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
++++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
+@@ -3215,6 +3215,7 @@ static struct fw_event_work *dequeue_nex
+ 		fw_event = list_first_entry(&ioc->fw_event_list,
+ 				struct fw_event_work, list);
+ 		list_del_init(&fw_event->list);
++		fw_event_work_put(fw_event);
+ 	}
+ 	spin_unlock_irqrestore(&ioc->fw_event_lock, flags);
+ 
+@@ -3249,7 +3250,6 @@ _scsih_fw_event_cleanup_queue(struct MPT
+ 		if (cancel_work_sync(&fw_event->work))
+ 			fw_event_work_put(fw_event);
+ 
+-		fw_event_work_put(fw_event);
+ 	}
+ }
+ 
diff --git a/queue-4.19/series b/queue-4.19/series
index 237253ff46c..23ad50205dc 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -60,3 +60,4 @@ alsa-aloop-fix-random-zeros-in-capture-data-when-using-jiffies-timer.patch
 alsa-usb-audio-fix-an-out-of-bounds-bug-in-__snd_usb_parse_audio_interface.patch
 kprobes-prohibit-probes-in-gate-area.patch
 debugfs-add-debugfs_lookup_and_remove.patch
+scsi-mpt3sas-fix-use-after-free-warning.patch