mirror-linux/drivers/scsi
Quinn Tran 1fc94de1c1 scsi: qla2xxx: Fix system crash due to bad pointer access
commit 19597cad64 upstream.

User experiences system crash when running AER error injection.  The
perturbation causes the abort-all-I/O path to trigger. The driver assumes
all I/O on this path is FCP only. If there is both NVMe & FCP traffic, a
system crash happens. Add additional check to see if I/O is FCP or not
before access.

PID: 999019  TASK: ff35d769f24722c0  CPU: 53  COMMAND: "kworker/53:1"
 0 [ff3f78b964847b58] machine_kexec at ffffffffae86973d
 1 [ff3f78b964847ba8] __crash_kexec at ffffffffae9be29d
 2 [ff3f78b964847c70] crash_kexec at ffffffffae9bf528
 3 [ff3f78b964847c78] oops_end at ffffffffae8282ab
 4 [ff3f78b964847c98] exc_page_fault at ffffffffaf2da502
 5 [ff3f78b964847cc0] asm_exc_page_fault at ffffffffaf400b62
   [exception RIP: qla2x00_abort_srb+444]
   RIP: ffffffffc07b5f8c  RSP: ff3f78b964847d78  RFLAGS: 00010046
   RAX: 0000000000000282  RBX: ff35d74a0195a200  RCX: ff35d76886fd03a0
   RDX: 0000000000000001  RSI: ffffffffc07c5ec8  RDI: ff35d74a0195a200
   RBP: ff35d76913d22080   R8: ff35d7694d103200   R9: ff35d7694d103200
   R10: 0000000100000000  R11: ffffffffb05d6630  R12: 0000000000010000
   R13: ff3f78b964847df8  R14: ff35d768d8754000  R15: ff35d768877248e0
   ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 6 [ff3f78b964847d70] qla2x00_abort_srb at ffffffffc07b5f84 [qla2xxx]
 7 [ff3f78b964847de0] __qla2x00_abort_all_cmds at ffffffffc07b6238 [qla2xxx]
 8 [ff3f78b964847e38] qla2x00_abort_all_cmds at ffffffffc07ba635 [qla2xxx]
 9 [ff3f78b964847e58] qla2x00_terminate_rport_io at ffffffffc08145eb [qla2xxx]
10 [ff3f78b964847e70] fc_terminate_rport_io at ffffffffc045987e [scsi_transport_fc]
11 [ff3f78b964847e88] process_one_work at ffffffffae914f15
12 [ff3f78b964847ed0] worker_thread at ffffffffae9154c0
13 [ff3f78b964847f10] kthread at ffffffffae91c456
14 [ff3f78b964847f50] ret_from_fork at ffffffffae8036ef

Cc: stable@vger.kernel.org
Fixes: f45bca8c50 ("scsi: qla2xxx: Fix double scsi_done for abort path")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20231030064912.37912-1-njavali@marvell.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-11-28 17:07:07 +00:00
aacraid scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
aic7xxx scsi: aic79xx: Use __ro_after_init explicitly 2022-09-15 22:01:24 -04:00
aic94xx scsi: aic94xx: Add missing check for dma_map_single() 2023-03-10 09:33:20 +01:00
arcmsr
arm
be2iscsi scsi: be2iscsi: Add length check when parsing nlattrs 2023-09-13 09:42:52 +02:00
bfa scsi: bfa: Remove unneeded flush_workqueue() 2022-04-25 23:38:38 -04:00
bnx2fc scsi: bnx2fc: Avoid using get_cpu() in bnx2fc_cmd_alloc() 2022-05-16 21:26:50 -04:00
bnx2i scsi: iscsi: Fix session removal on shutdown 2022-06-21 21:14:54 -04:00
csiostor scsi: csiostor: Convert sysfs snprintf() to sysfs_emit() 2022-09-15 22:35:21 -04:00
cxgbi treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
cxlflash scsi: cxlflash: Drop DID_ALLOC_FAILURE use 2022-09-06 22:05:59 -04:00
device_handler scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() 2023-03-30 12:49:03 +02:00
elx scsi: elx: libefc: Fix second parameter type in state callbacks 2022-12-31 13:33:05 +01:00
esas2r scsi: esas2r: Use flex array destination for memcpy() 2022-09-06 22:24:37 -04:00
fcoe scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock 2023-09-13 09:42:56 +02:00
fnic scsi: fnic: Replace return codes in fnic_clean_pending_aborts() 2023-08-16 18:27:30 +02:00
hisi_sas scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs 2023-11-28 17:06:59 +00:00
ibmvscsi scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool 2023-11-28 17:06:59 +00:00
ibmvscsi_tgt scsi: ibmvscsi_tgt: Fix repeated words in comment 2022-09-15 22:30:26 -04:00
isci scsi: isci: Fix typo in comment 2022-05-23 23:24:10 -04:00
libfc scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() 2023-11-28 17:07:00 +00:00
libsas scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() 2023-05-11 23:03:42 +09:00
lpfc scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() 2023-09-23 11:11:09 +02:00
megaraid scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers 2023-11-28 17:07:07 +00:00
mpi3mr scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O 2023-07-23 13:49:35 +02:00
mpt3sas scsi: mpt3sas: Fix loop logic 2023-11-28 17:07:07 +00:00
mvsas scsi: mvsas: Add PCI ID of RocketRaid 2640 2022-04-06 22:27:08 -04:00
pcmcia scsi: sym53c500_cs: Stop using struct scsi_pointer 2022-04-06 22:11:52 -04:00
pm8001 scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command 2023-10-06 14:56:54 +02:00
qedf scsi: qedf: Add synchronization between I/O completions and abort 2023-10-06 14:56:52 +02:00
qedi scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock 2023-09-13 09:42:24 +02:00
qla2xxx scsi: qla2xxx: Fix system crash due to bad pointer access 2023-11-28 17:07:07 +00:00
qla4xxx scsi: qla4xxx: Add length check when parsing nlattrs 2023-09-13 09:42:52 +02:00
smartpqi scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
snic scsi: snic: Fix double free in snic_tgt_create() 2023-08-30 16:11:12 +02:00
sym53c8xx_2 scsi: sym53c8xx_2: Remove redundant "with" 2022-06-21 21:41:19 -04:00
.gitignore
3w-9xxx.c scsi: 3w-9xxx: Avoid disabling device if failing to enable it 2022-09-06 22:22:24 -04:00
3w-9xxx.h
3w-sas.c
3w-sas.h
3w-xxxx.c scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() 2023-07-19 16:21:35 +02:00
3w-xxxx.h scsi: 3w-xxxx: Replace one-element array with flexible-array member 2022-09-25 13:06:00 -04:00
53c700.c scsi: 53c700: Check that command slot is not NULL 2023-08-16 18:27:30 +02:00
53c700.h
53c700.scr
53c700_d.h_shipped
BusLogic.c scsi: BusLogic: Remove bus_to_virt() 2022-06-27 22:52:05 -04:00
BusLogic.h
FlashPoint.c scsi: FlashPoint: Remove redundant variable bm_int_st 2022-08-01 19:52:03 -04:00
Kconfig scsi: core: Make SCSI_MOD depend on BLOCK for cleaner .config files 2022-09-25 12:46:59 -04:00
Makefile scsi: dpt_i2o: Remove obsolete driver 2022-06-27 22:56:21 -04:00
NCR5380.c
NCR5380.h
a100u2w.c
a100u2w.h
a2091.c scsi: a2091: Convert m68k WD33C93 drivers to DMA API 2022-07-07 17:01:22 -04:00
a2091.h
a3000.c scsi: a3000: Convert m68k WD33C93 drivers to DMA API 2022-07-07 17:01:22 -04:00
a3000.h
a4000t.c
advansys.c
aha152x.c
aha152x.h
aha1542.c scsi: aha1542: Remove unneeded semicolon 2022-04-25 23:25:11 -04:00
aha1542.h
aha1740.c
aha1740.h
am53c974.c
atari_scsi.c
atp870u.c
atp870u.h
bvme6000_scsi.c
ch.c scsi: ch: Do not initialise statics to 0 2022-07-26 22:13:29 -04:00
constants.c
dc395x.c scsi: dc395x: Fix a missing check on list iterator 2022-04-26 08:51:56 -04:00
dc395x.h
dmx3191d.c
esp_scsi.c
esp_scsi.h
fdomain.c
fdomain.h
fdomain_isa.c
fdomain_pci.c
g_NCR5380.c
gvp11.c scsi: gvp11.c: Fix DMA mask calculation error 2022-07-13 23:18:26 -04:00
gvp11.h
hosts.c scsi: core: Use 32-bit hostnum in scsi_host_lookup() 2023-09-13 09:42:56 +02:00
hpsa.c scsi: hpsa: Fix allocation size for scsi_host_alloc() 2023-02-01 08:34:36 +01:00
hpsa.h
hpsa_cmd.h
hptiop.c scsi: hptiop: Use struct_size() helper in code related to struct hpt_iop_request_scsi_command 2022-09-25 13:02:23 -04:00
hptiop.h scsi: hptiop: Replace one-element array with flexible-array member in struct hpt_iop_request_ioctl_command() 2022-09-25 13:04:17 -04:00
imm.c
imm.h
initio.c scsi: initio: Remove redundant assignment to pointer scb 2022-08-31 23:39:57 -04:00
initio.h
ipr.c scsi: ipr: Work around fortify-string warning 2023-03-11 13:55:29 +01:00
ipr.h
ips.c
ips.h
iscsi_boot_sysfs.c
iscsi_tcp.c scsi: iscsi_tcp: restrict to TCP sockets 2023-10-06 14:56:38 +02:00
iscsi_tcp.h scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() 2022-09-25 14:27:47 -04:00
jazz_esp.c
lasi700.c
libiscsi.c scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress 2023-02-09 11:28:12 +01:00
libiscsi_tcp.c scsi: iscsi: Remove iscsi_get_task back_lock requirement 2022-06-21 21:19:23 -04:00
mac53c94.c scsi: mac53c94: Fix warning comparing pointer to 0 2022-04-25 23:23:05 -04:00
mac53c94.h
mac_esp.c
mac_scsi.c
megaraid.c scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS 2023-05-11 23:03:19 +09:00
megaraid.h
mesh.c powerpc/powermac: Remove empty function note_scsi_host() 2022-06-26 10:29:44 +10:00
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
mvumi.h
myrb.c scsi: myrb: Fix up null pointer access on myrb_cleanup() 2022-05-23 23:24:10 -04:00
myrb.h
myrs.c
myrs.h
ncr53c8xx.c
ncr53c8xx.h
nsp32.c
nsp32.h
nsp32_debug.c
nsp32_io.h
pmcraid.c scsi: pmcraid: Fix missing resource cleanup in error case 2022-06-07 22:05:14 -04:00
pmcraid.h
ppa.c
ppa.h
ps3rom.c
qla1280.c scsi: qla1280: Remove redundant variable 2022-05-19 20:26:21 -04:00
qla1280.h
qlogicfas.c
qlogicfas408.c
qlogicfas408.h
qlogicpti.c scsi: qlogicpti: Fix dma_map_sg() check 2022-09-06 22:14:14 -04:00
qlogicpti.h
raid_class.c scsi: core: raid_class: Remove raid_component_add() 2023-08-30 16:11:12 +02:00
script_asm.pl
scsi.c scsi: core: Improve scsi_vpd_inquiry() checks 2023-04-26 14:28:36 +02:00
scsi_bsg.c
scsi_common.c
scsi_debug.c scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() 2022-12-31 13:32:35 +01:00
scsi_debugfs.c
scsi_debugfs.h
scsi_devinfo.c scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR 2023-03-30 12:49:21 +02:00
scsi_dh.c
scsi_error.c scsi: core: Fix a race between scsi_done() and scsi_timeout() 2022-12-31 13:32:30 +01:00
scsi_ioctl.c scsi: Use blk_rq_map_user_io helper 2022-09-30 07:51:13 -06:00
scsi_lib.c scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
scsi_lib_dma.c
scsi_logging.c
scsi_logging.h
scsi_netlink.c
scsi_pm.c
scsi_priv.h scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
scsi_proc.c scsi: core: Fix legacy /proc parsing buffer overflow 2023-08-16 18:27:30 +02:00
scsi_sas_internal.h
scsi_scan.c scsi: Do not rescan devices with a suspended queue 2023-10-19 23:08:50 +02:00
scsi_sysctl.c
scsi_sysfs.c scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c scsi: scsi_transport_fc: Adjust struct fc_nl_event flex array usage 2022-09-25 12:52:48 -04:00
scsi_transport_iscsi.c scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() 2023-09-13 09:42:51 +02:00
scsi_transport_sas.c scsi: scsi_transport_sas: Fix error handling in sas_phy_add() 2022-11-08 01:52:52 +00:00
scsi_transport_spi.c freezer: Have {,un}lock_system_sleep() save/restore flags 2022-09-07 21:53:48 +02:00
scsi_transport_srp.c
scsicam.c scsicam: Fix use of page cache 2022-05-08 14:28:18 -04:00
sd.c scsi: sd: Introduce manage_shutdown device flag 2023-11-02 09:35:29 +01:00
sd.h scsi: sd: Do not issue commands to suspended disks on shutdown 2023-10-10 22:00:35 +02:00
sd_dif.c scsi: sd: Reorganize DIF/DIX code to avoid calling revalidate twice 2022-05-02 16:59:11 -04:00
sd_zbc.c scsi: sd: Fix wrong zone_write_granularity value during revalidate 2023-03-17 08:50:27 +01:00
sense_codes.h
ses.c scsi: ses: Handle enclosure with just a primary component gracefully 2023-04-20 12:35:13 +02:00
sg.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
sgiwd93.c
sim710.c
sni_53c710.c
sr.c block: simplify disk shutdown 2022-06-28 06:30:26 -06:00
sr.h
sr_ioctl.c scsi: sr: Do not leak information in ioctl 2022-04-18 22:48:31 -04:00
sr_vendor.c
st.c SCSI misc on 20221007 2022-10-07 12:33:18 -07:00
st.h
st_options.h
stex.c scsi: stex: Fix gcc 13 warnings 2023-06-09 10:34:21 +02:00
storvsc_drv.c scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
sun3_scsi.c
sun3_scsi_vme.c
sun3x_esp.c
sun_esp.c
virtio_scsi.c scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
vmw_pvscsi.c scsi: vmw_pvscsi: No need to clear memory after a dma_alloc_coherent() call 2022-04-06 23:01:54 -04:00
vmw_pvscsi.h scsi: vmw_pvscsi: Expand vcpuHint to 16 bits 2022-06-07 21:30:56 -04:00
wd33c93.c scsi: wd33c93: Remove dead code related to the long-gone config WD33C93_PIO 2022-09-25 13:29:53 -04:00
wd33c93.h scsi: wd33c93: Remove dead code related to the long-gone config WD33C93_PIO 2022-09-25 13:29:53 -04:00
wd719x.c
wd719x.h
xen-scsifront.c scsi: xen: Drop use of internal host codes 2022-09-06 22:05:58 -04:00
zalon.c
zorro7xx.c
zorro_esp.c