scsi: qla2xxx: Fix use after free in eh_abort path
In eh_abort path driver prematurely exits the call to upper layer. Check
whether command is aborted / completed by firmware before exiting the call.
9 [
ffff8b1ebf803c00] page_fault at
ffffffffb0389778
[exception RIP: qla2x00_status_entry+0x48d]
RIP:
ffffffffc04fa62d RSP:
ffff8b1ebf803cb0 RFLAGS:
00010082
RAX:
00000000ffffffff RBX:
00000000000e0000 RCX:
0000000000000000
RDX:
0000000000000000 RSI:
00000000000013d8 RDI:
fffff3253db78440
RBP:
ffff8b1ebf803dd0 R8:
ffff8b1ebcd9b0c0 R9:
0000000000000000
R10:
ffff8b1e38a30808 R11:
0000000000001000 R12:
00000000000003e9
R13:
0000000000000000 R14:
ffff8b1ebcd9d740 R15:
0000000000000028
ORIG_RAX:
ffffffffffffffff CS: 0010 SS: 0018
10 [
ffff8b1ebf803cb0] enqueue_entity at
ffffffffafce708f
11 [
ffff8b1ebf803d00] enqueue_task_fair at
ffffffffafce7b88
12 [
ffff8b1ebf803dd8] qla24xx_process_response_queue at
ffffffffc04fc9a6
[qla2xxx]
13 [
ffff8b1ebf803e78] qla24xx_msix_rsp_q at
ffffffffc04ff01b [qla2xxx]
14 [
ffff8b1ebf803eb0] __handle_irq_event_percpu at
ffffffffafd50714
Link: https://lore.kernel.org/r/20210908164622.19240-10-njavali@marvell.com
Fixes: 503e81946fcf ("scsi: qla2xxx: Fix double scsi_done for abort path")
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Co-developed-by: David Jeffery <djeffery@redhat.com>
Signed-off-by: David Jeffery <djeffery@redhat.com>
Co-developed-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
projects / kernel.git / commit