From 81d7cd4d8d5fa46e14666b0e5e8576aebf94d089 Mon Sep 17 00:00:00 2001
From: Himanshu Madhani <hmadhani@redhat.com>
Date: Thu, 21 Nov 2019 16:36:36 -0500
Subject: [PATCH 126/155] [scsi] scsi: qla2xxx: Fix panic from use after free
 in qla2x00_async_tm_cmd

Message-id: <20191121163701.43688-2-hmadhani@redhat.com>
Patchwork-id: 287845
O-Subject: [RHLE 7.8 e-stor PATCH v3 01/26] scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd
Bugzilla: 1731581
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
RH-Acked-by: Ewan Milne <emilne@redhat.com>
RH-Acked-by: Tony Camuso <tcamuso@redhat.com>

From: Bill Kuzeja <William.Kuzeja@stratus.com>

Bugzilla 1731581

In qla2x00_async_tm_cmd, we reference off sp after it has been freed.  This
caused a panic on a system running a slub debug kernel. Since fcport is
passed in anyways, just use that instead.

Signed-off-by: Bill Kuzeja <william.kuzeja@stratus.com>
Acked-by: Giridhar Malavali <gmalavali@marvell.com>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit 388a49959ee4e4e99f160241d9599efa62cd4299)
Signed-off-by: Himanshu Madhani <hmadhani@redhat.com>

[ hmadhani: upstream code when this patch was submitted was before Qpair ]
[ changes were added. RH code has changes for qpair pulled in earlier ]
[ so this patch shows deviation from upstream. However, actual change in ]
[ the patch is applicable and has not been altered ]

Signed-off-by: Himanshu Madhani <hmadhani@redhat.com>
Signed-off-by: Jan Stancek <jstancek@redhat.com>
---
 drivers/scsi/qla2xxx/qla_init.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
index 661ecb5bc0e4..1c74e8b0e10d 100644
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -1781,13 +1781,13 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint32_t lun,
 
 		/* Issue Marker IOCB */
 		qla2x00_marker(vha, vha->hw->base_qpair,
-		    sp->fcport->loop_id, lun,
+		    fcport->loop_id, lun,
 		    flags == TCF_LUN_RESET ? MK_SYNC_ID_LUN : MK_SYNC_ID);
 	}
 
 done_free_sp:
 	sp->free(sp);
-	sp->fcport->flags &= ~FCF_ASYNC_SENT;
+	fcport->flags &= ~FCF_ASYNC_SENT;
 done:
 	return rval;
 }
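Review bot: the actual use-after-free is the `sp->fcport->flags &= ~FCF_ASYNC_SENT;` line directly after `sp->free(sp);` under `done_free_sp:`, where `sp` is dereferenced after it has been released; switching to the caller-supplied `fcport` is the right fix, but consider adding a short comment above `done_free_sp:` stating that `sp` must not be touched past `sp->free(sp)` so the pattern is not reintroduced. The `qla2x00_marker()` change higher in the hunk reads `sp->fcport->loop_id` before the free and is therefore not itself a use-after-free; it is worth saying in the commit message that this part is for consistency only. Both replacements assume the `fcport` passed to `qla2x00_async_tm_cmd()` outlives the call, which the caller already guarantees since it owns the reference.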
-- 
2.13.6