|
 |
3c6e85 |
From 81d7cd4d8d5fa46e14666b0e5e8576aebf94d089 Mon Sep 17 00:00:00 2001
|
|
|
3c6e85 |
From: Himanshu Madhani <hmadhani@redhat.com>
|
|
|
3c6e85 |
Date: Thu, 21 Nov 2019 16:36:36 -0500
|
|
|
3c6e85 |
Subject: [PATCH 126/155] [scsi] scsi: qla2xxx: Fix panic from use after free
|
|
|
3c6e85 |
in qla2x00_async_tm_cmd
|
|
|
3c6e85 |
|
|
|
3c6e85 |
Message-id: <20191121163701.43688-2-hmadhani@redhat.com>
|
|
|
3c6e85 |
Patchwork-id: 287845
|
|
|
3c6e85 |
O-Subject: [RHLE 7.8 e-stor PATCH v3 01/26] scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd
|
|
|
3c6e85 |
Bugzilla: 1731581
|
|
|
3c6e85 |
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
|
|
|
3c6e85 |
RH-Acked-by: Ewan Milne <emilne@redhat.com>
|
|
|
3c6e85 |
RH-Acked-by: Tony Camuso <tcamuso@redhat.com>
|
|
|
3c6e85 |
|
|
|
3c6e85 |
From: Bill Kuzeja <William.Kuzeja@stratus.com>
|
|
|
3c6e85 |
|
|
|
3c6e85 |
Bugzilla 1731581
|
|
|
3c6e85 |
|
|
|
3c6e85 |
In qla2x00_async_tm_cmd, we reference off sp after it has been freed. This
|
|
|
3c6e85 |
caused a panic on a system running a slub debug kernel. Since fcport is
|
|
|
3c6e85 |
passed in anyways, just use that instead.
|
|
|
3c6e85 |
|
|
|
3c6e85 |
Signed-off-by: Bill Kuzeja <william.kuzeja@stratus.com>
|
|
|
3c6e85 |
Acked-by: Giridhar Malavali <gmalavali@marvell.com>
|
|
|
3c6e85 |
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
|
|
|
3c6e85 |
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
|
3c6e85 |
(cherry picked from commit 388a49959ee4e4e99f160241d9599efa62cd4299)
|
|
|
3c6e85 |
Signed-off-by: Himanshu Madhani <hmadhani@redhat.com>
|
|
|
3c6e85 |
|
|
|
3c6e85 |
[ hmadhani: upstream code when this patch was submitted was before Qpair ]
|
|
|
3c6e85 |
[ changes were added. RH code has changes for qpair pulled in earlier ]
|
|
|
3c6e85 |
[ so this patch shows deviation from upstream. However, actual change in ]
|
|
|
3c6e85 |
[ the patch is applicable and has not been altered ]
|
|
|
3c6e85 |
|
|
|
3c6e85 |
Signed-off-by: Himanshu Madhani <hmadhani@redhat.com>
|
|
|
3c6e85 |
Signed-off-by: Jan Stancek <jstancek@redhat.com>
|
|
|
3c6e85 |
---
|
|
|
3c6e85 |
drivers/scsi/qla2xxx/qla_init.c | 4 ++--
|
|
|
3c6e85 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
3c6e85 |
|
|
|
3c6e85 |
diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
|
|
|
3c6e85 |
index 661ecb5bc0e4..1c74e8b0e10d 100644
|
|
|
3c6e85 |
--- a/drivers/scsi/qla2xxx/qla_init.c
|
|
|
3c6e85 |
+++ b/drivers/scsi/qla2xxx/qla_init.c
|
|
|
3c6e85 |
@@ -1781,13 +1781,13 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint32_t lun,
|
|
|
3c6e85 |
|
|
|
3c6e85 |
/* Issue Marker IOCB */
|
|
|
3c6e85 |
qla2x00_marker(vha, vha->hw->base_qpair,
|
|
|
3c6e85 |
- sp->fcport->loop_id, lun,
|
|
|
3c6e85 |
+ fcport->loop_id, lun,
|
|
|
3c6e85 |
flags == TCF_LUN_RESET ? MK_SYNC_ID_LUN : MK_SYNC_ID);
|
|
|
3c6e85 |
}
|
|
|
3c6e85 |
|
|
|
3c6e85 |
done_free_sp:
|
|
|
3c6e85 |
sp->free(sp);
|
|
|
3c6e85 |
- sp->fcport->flags &= ~FCF_ASYNC_SENT;
|
|
|
3c6e85 |
+ fcport->flags &= ~FCF_ASYNC_SENT;
|
|
|
3c6e85 |
done:
|
|
|
3c6e85 |
return rval;
|
|
|
3c6e85 |
}
|
|
|
3c6e85 |
--
|
|
|
3c6e85 |
2.13.6
|
|
|
3c6e85 |
|