[PATCH] scsi: mpt3sas: Fix _pcie_device refcnt leak when removing pcie device

From: Xiyu Yang
Date: Thu Apr 23 2020 - 01:14:52 EST


_scsih_pcie_device_remove_by_handle() invokes
__mpt3sas_get_pdev_by_handle(), which returns a reference of the
specified _pcie_device object to "pcie_device" with increased refcnt.

When _scsih_pcie_device_remove_by_handle() returns, local variable
"pcie_device" becomes invalid, so the refcount should be decreased to
keep refcount balanced.

The reference counting issue happens in one normal path of
_scsih_pcie_device_remove_by_handle(). When removing a pcie device, the
function forgets to decrease the refcnt increased by
__mpt3sas_get_pdev_by_handle(), causing a refcnt leak.

Fix this issue by calling pcie_device_put() before
_scsih_pcie_device_remove_by_handle() returns.

Signed-off-by: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
Signed-off-by: Xin Tan <tanxin.ctf@xxxxxxxxx>
---
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
index c597d544eb39..a1e69daffc1b 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
@@ -1159,7 +1159,6 @@ _scsih_pcie_device_remove_by_handle(struct MPT3SAS_ADAPTER *ioc, u16 handle)
spin_unlock_irqrestore(&ioc->pcie_device_lock, flags);
if (was_on_pcie_device_list) {
_scsih_pcie_device_remove_from_sml(ioc, pcie_device);
- pcie_device_put(pcie_device);
}

/*
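Review bot: with pcie_device_put() removed, the `if (was_on_pcie_device_list)` block in this hunk is left holding a single statement, so its braces should be dropped as kernel coding style asks for single-statement blocks: `if (was_on_pcie_device_list)` followed by `_scsih_pcie_device_remove_from_sml(ioc, pcie_device);` on the next line. checkpatch.pl warns about braces that are not necessary for single-statement blocks.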
@@ -1169,6 +1168,8 @@ _scsih_pcie_device_remove_by_handle(struct MPT3SAS_ADAPTER *ioc, u16 handle)
*/
if (update_latency)
_scsih_set_nvme_max_shutdown_latency(ioc);
+ if (pcie_device)
+ pcie_device_put(pcie_device);
}

/**
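Review bot: the put added after `_scsih_set_nvme_max_shutdown_latency(ioc)` is conditional on `pcie_device` being non-NULL, whereas the one it replaces depended on `was_on_pcie_device_list`, so the leak being fixed is the path where the lookup by handle succeeds but the device was not on the list. The changelog only says "one normal path"; stating that condition there would make the fix easier to verify. A blank line before `if (pcie_device)` would also keep the reference drop visually separate from the latency update.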
--
2.7.4