[PATCH openEuler-1.0-LTS] scsi: megaraid_sas: Fix resource leak in case of probe failure - Kernel

3 Jun 2024

From: Chandrakanth Patil chandrakanth.patil@broadcom.com
mainline inclusion
from mainline-v5.14-rc1
commit b5438f48fdd8e1c3f130d32637511efd32038152
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RE1F
CVE: CVE-2021-47329
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
The driver doesn't clean up all the allocated resources properly when
scsi_add_host(), megasas_start_aen() function fails during the PCI device
probe.
Clean up all those resources.
Link: https://lore.kernel.org/r/20210528131307.25683-3-chandrakanth.patil@broadcom...
Signed-off-by: Chandrakanth Patil chandrakanth.patil@broadcom.com
Signed-off-by: Sumit Saxena sumit.saxena@broadcom.com
Signed-off-by: Martin K. Petersen martin.petersen@oracle.com
Conflicts:
    drivers/scsi/megaraid/megaraid_sas_base.c
Signed-off-by: l00855224 <l00855224@notesmail.huawei.com/>
---
 drivers/scsi/megaraid/megaraid_sas_base.c   | 10 ++++++++++
 drivers/scsi/megaraid/megaraid_sas_fusion.c |  1 +
 2 files changed, 11 insertions(+)

diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index 3f0752dc8ab5..b993b79ed38f 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -6620,11 +6620,16 @@ static int megasas_probe_one(struct pci_dev *pdev,
    return 0;
fail_start_aen:
+	instance->unload = 1;
+	scsi_remove_host(instance->host);
 fail_io_attach:
    megasas_mgmt_info.count--;
    megasas_mgmt_info.max_index--;
    megasas_mgmt_info.instance[megasas_mgmt_info.max_index] = NULL;
+	if (instance->requestorId && !instance->skip_heartbeat_timer_del)
+		del_timer_sync(&instance->sriov_heartbeat_timer);
+
    instance->instancet->disable_intr(instance);
    megasas_destroy_irqs(instance);
@@ -6632,8 +6637,13 @@ static int megasas_probe_one(struct pci_dev *pdev,
    	megasas_release_fusion(instance);
    else
    	megasas_release_mfi(instance);
+
    if (instance->msix_vectors)
    	pci_free_irq_vectors(instance->pdev);
+	instance->msix_vectors = 0;
+
+	if (instance->fw_crash_state != UNAVAILABLE)
+		megasas_free_host_crash_buffer(instance);
 fail_init_mfi:
    scsi_host_put(host);
 fail_alloc_instance:
diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c
index f45c54f02bfa..9d4941cb961b 100644
--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
@@ -4857,6 +4857,7 @@ megasas_alloc_fusion_context(struct megasas_instance *instance)
    	if (!fusion->log_to_span) {
    		dev_err(&instance->pdev->dev, "Failed from %s %d\n",
    			__func__, __LINE__);
+			kfree(instance->ctrl_context);
    		return -ENOMEM;
    	}
    }
-- 
2.34.1


    