]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 895d94c) | patch
scsi: qla2xxx: Fix unintialized List head crash
authorQuinn Tran <quinn.tran@cavium.com>
Wed, 18 Jul 2018 21:29:51 +0000 (14:29 -0700)
committerMartin K. Petersen <martin.petersen@oracle.com>
Fri, 20 Jul 2018 02:02:33 +0000 (22:02 -0400)
commit3c6b6ac243a4542931ab00a934706374a8827f14
treec86f7e729878f402f42bf173b7e48dfe22d6a5c3tree | snapshot
parent895d94c8aa75ebdd04ae0d91d7abbc22e78f8025commit | diff
scsi: qla2xxx: Fix unintialized List head crash

In case of IOCB Queue full or system where memory is low and driver
receives large number of RSCN storm, the stale sp pointer can stay on
gpnid_list resulting in page_fault.

This patch fixes this issue by initializing the sp->elem list head and
removing sp->elem before memory is freed.

Following stack trace is seen

 9 [ffff987b37d1bc60] page_fault at ffffffffad516768 [exception RIP: qla24xx_async_gpnid+496]
10 [ffff987b37d1bd10] qla24xx_async_gpnid at ffffffffc039866d [qla2xxx]
11 [ffff987b37d1bd80] qla2x00_do_work at ffffffffc036169c [qla2xxx]
12 [ffff987b37d1be38] qla2x00_do_dpc_all_vps at ffffffffc03adfed [qla2xxx]
13 [ffff987b37d1be78] qla2x00_do_dpc at ffffffffc036458a [qla2xxx]
14 [ffff987b37d1bec8] kthread at ffffffffacebae31

Fixes: 9f2f96a9cf08 ("scsi: qla2xxx: Serialize GPNID for multiple RSCN")
Cc: <stable@vger.kernel.org> # v4.17+
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/qla2xxx/qla_gs.c diff | blob | history
drivers/scsi/qla2xxx/qla_inline.h diff | blob | history
Linux Kernel Source Tree.