* [PATCH] scsi: libsas: fix error handling in sas_register_phys()
@ 2022-11-04 6:46 Yang Yingliang
0 siblings, 0 replies; only message in thread
From: Yang Yingliang @ 2022-11-04 6:46 UTC (permalink / raw)
To: linux-scsi; +Cc: Yang Yingliang, James E.J. Bottomley, Martin K. Petersen
If sas_phy_alloc() returns error in sas_register_phys(), the phys that
have been added are not deleted, so the memory of them are leaked, also,
this leads the list of phy_attr_cont is not empty, it tiggers a BUG while
calling sas_release_transport() in hisi_sas_exit() when removing module.
kernel BUG at ./include/linux/transport_class.h:92!
CPU: 8 PID: 38014 Comm: rmmod Kdump: loaded Not tainted 6.1.0-rc1+ #176
Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.58 10/24/2018
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : sas_release_transport+0x78/0x84 [scsi_transport_sas]
lr : sas_release_transport+0x2c/0x84 [scsi_transport_sas]
Call trace:
sas_release_transport+0x78/0x84 [scsi_transport_sas]
hisi_sas_exit+0x1c/0x9a8 [hisi_sas_main]
__arm64_sys_delete_module+0x19c/0x358
Fix this by deleting the phys that have been added if sas_phy_alloc()
returns error.
Besides, if sas_phy_add() fails in sas_register_phys(), the phy->dev
is not added to the klist_children of shost_gendev, so the phy can not
be delete in sas_remove_children(), the phy and name memory allocated
in sas_phy_alloc() are leaked.
Fix this by checking and handling return value of sas_phy_add() in
sas_register_phys(), call sas_phy_free() in the error path.
Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
drivers/scsi/libsas/sas_phy.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/libsas/sas_phy.c b/drivers/scsi/libsas/sas_phy.c
index a0d592d11dfb..84853576eb78 100644
--- a/drivers/scsi/libsas/sas_phy.c
+++ b/drivers/scsi/libsas/sas_phy.c
@@ -115,6 +115,7 @@ static void sas_phye_shutdown(struct work_struct *work)
int sas_register_phys(struct sas_ha_struct *sas_ha)
{
+ int ret;
int i;
/* Now register the phys. */
@@ -132,8 +133,10 @@ int sas_register_phys(struct sas_ha_struct *sas_ha)
phy->frame_rcvd_size = 0;
phy->phy = sas_phy_alloc(&sas_ha->core.shost->shost_gendev, i);
- if (!phy->phy)
- return -ENOMEM;
+ if (!phy->phy) {
+ ret = -ENOMEM;
+ goto err_out;
+ }
phy->phy->identify.initiator_port_protocols =
phy->iproto;
@@ -146,10 +149,20 @@ int sas_register_phys(struct sas_ha_struct *sas_ha)
phy->phy->maximum_linkrate = SAS_LINK_RATE_UNKNOWN;
phy->phy->negotiated_linkrate = SAS_LINK_RATE_UNKNOWN;
- sas_phy_add(phy->phy);
+ ret = sas_phy_add(phy->phy);
+ if (ret) {
+ sas_phy_free(phy->phy);
+ goto err_out;
+ }
}
return 0;
+
+err_out:
+ while (i--)
+ sas_phy_delete(sas_ha->sas_phy[i]->phy);
+
+ return ret;
}
const work_func_t sas_phy_event_fns[PHY_NUM_EVENTS] = {
--
2.25.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2022-11-04 6:48 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-04 6:46 [PATCH] scsi: libsas: fix error handling in sas_register_phys() Yang Yingliang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.