mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-13 22:25:03 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/scsi
History
Brian King 3f1c058131 ipr: Fix invalid array indexing for HRRQ 
Fixes another signed / unsigned array indexing bug in the ipr driver.
Currently, when hrrq_index wraps, it becomes a negative number. We
do the modulo, but still have a negative number, so we end up indexing
backwards in the array. Given where the hrrq array is located in memory,
we probably won't actually reference memory we don't own, but nonetheless
ipr is still looking at data within struct ipr_ioa_cfg and interpreting it as
struct ipr_hrr_queue data, so bad things could certainly happen.

Each ipr adapter has anywhere from 1 to 16 HRRQs. By default, we use 2 on new
adapters.  Let's take an example:

Assume ioa_cfg->hrrq_index=0x7fffffffe and ioa_cfg->hrrq_num=4:

The atomic_add_return will then return -1. We mod this with 3 and get -2, add
one and get -1 for an array index.

On adapters which support more than a single HRRQ, we dedicate HRRQ to adapter
initialization and error interrupts so that we can optimize the other queues
for fast path I/O. So all normal I/O uses HRRQ 1-15. So we want to spread the
I/O requests across those HRRQs.

With the default module parameter settings, this bug won't hit, only when
someone sets the ipr.number_of_msix parameter to a value larger than 3 is when
bad things start to happen.

Cc: <stable@vger.kernel.org>
Tested-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
Reviewed-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
Reviewed-by: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
2015-07-30 10:38:47 -07:00
..
aacraid aacraid: aac_src_intr_message() can be static 2015-05-25 08:46:25 -07:00
aic7xxx aic7xxx: replace kmalloc/memset by kzalloc 2015-04-09 13:22:10 -07:00
aic94xx scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
arcmsr scsi: drop reason argument from ->change_queue_depth 2014-11-24 14:45:27 +01:00
arm scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
be2iscsi be2iscsi : Bump the driver version 2015-05-25 08:57:53 -07:00
bfa bfs: bfad_worker cleanup 2015-04-17 09:04:09 -04:00
bnx2fc Merge remote-tracking branch 'scsi-queue/drivers-for-3.19' into for-linus 2014-12-18 05:56:29 -08:00
bnx2i bnx2i: Fix call trace while device reset 2015-06-02 17:15:24 -07:00
csiostor csiostor: fix an error code in csio_hw_init() 2015-05-25 08:46:26 -07:00
cxgbi libcxgbi: use kvfree() in cxgbi_free_big_mem() 2015-06-30 19:45:00 -07:00
device_handler scsi: fix device handler detach oops 2015-02-02 13:45:28 +01:00
dpt
esas2r SCSI misc on 20150209 2015-02-11 10:28:45 -08:00
fcoe Merge remote-tracking branch 'scsi-queue/drivers-for-3.19' into for-linus 2014-12-18 05:56:29 -08:00
fnic x86/mm: Decouple <linux/vmalloc.h> from <asm/io.h> 2015-06-03 12:02:00 +02:00
ibmvscsi IB/srp: Add 64-bit LUN support 2015-05-18 13:35:56 -04:00
isci scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
libfc scsi: drop reason argument from ->change_queue_depth 2014-11-24 14:45:27 +01:00
libsas Merge branch 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2015-03-24 17:08:29 -07:00
lpfc SCSI misc on 20150622 2015-06-23 15:55:44 -07:00
megaraid SCSI misc on 20150622 2015-06-23 15:55:44 -07:00
mpt2sas mpt2sas: Bump driver version to 20.100.00.00 2015-01-13 16:27:29 +01:00
mpt3sas mpt2sas, mpt3sas: set cpu affinity for each MSIX vectors 2015-01-13 16:27:28 +01:00
mvsas scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
osd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-04-14 09:50:27 -07:00
pcmcia scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
pm8001 scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
qla2xxx Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
qla4xxx Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-06-24 16:49:49 -07:00
snic snic: driver for Cisco SCSI HBA 2015-06-19 16:57:51 -07:00
sym53c8xx_2 scsi: drop reason argument from ->change_queue_depth 2014-11-24 14:45:27 +01:00
ufs SCSI misc on 20150622 2015-06-23 15:55:44 -07:00
.gitignore
3w-9xxx.c 3w-9xxx: fix command completion race 2015-04-27 10:10:19 -07:00
3w-9xxx.h 3w-9xxx: fix command completion race 2015-04-27 10:10:19 -07:00
3w-sas.c 3w-sas: fix command completion race 2015-04-27 10:04:39 -07:00
3w-sas.h 3w-sas: fix command completion race 2015-04-27 10:04:39 -07:00
3w-xxxx.c 3w-xxxx: fix command completion race 2015-04-27 10:05:55 -07:00
3w-xxxx.h 3w-xxxx: fix command completion race 2015-04-27 10:05:55 -07:00
53c700.c scsi: remove scsi_set_tag_type 2014-12-04 09:57:13 +01:00
53c700.h
53c700.scr
53c700_d.h_shipped
a100u2w.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
a100u2w.h
a2091.c zorro: ZTWO_VADDR() should return "void __iomem *" 2013-11-26 11:09:07 +01:00
a2091.h
a3000.c scsi: drop owner assignment from platform_drivers 2014-10-20 16:21:33 +02:00
a3000.h
a4000t.c scsi: drop owner assignment from platform_drivers 2014-10-20 16:21:33 +02:00
advansys.c advansys: fix compilation errors and warnings when CONFIG_PCI is not set 2015-06-13 08:42:36 -07:00
aha152x.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
aha152x.h
aha1542.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
aha1542.h aha1542: fix include guard and remove useless changelog 2015-04-09 18:08:31 -07:00
aha1740.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
aha1740.h scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
am53c974.c am53c974: Fix crash during modprobe 2015-04-17 10:13:56 -07:00
atari_NCR5380.c ncr5380: Harmonize jiffies conversion with msecs_to_jiffies 2015-03-09 10:45:26 -04:00
atari_scsi.c ncr5380: Drop owner assignment from platform_drivers 2015-03-09 07:18:14 -04:00
atp870u.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
atp870u.h scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
BusLogic.c scsi: replace seq_printf with seq_puts 2015-02-02 09:57:45 -08:00
BusLogic.h
bvme6000_scsi.c scsi: drop owner assignment from platform_drivers 2014-10-20 16:21:33 +02:00
ch.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-04-14 09:50:27 -07:00
constants.c scsi: Conditionally compile in constants.c 2015-01-09 15:44:31 +01:00
dc395x.c scsi: print single-character strings with seq_putc 2015-02-02 09:57:46 -08:00
dc395x.h
dmx3191d.c dmx3191d: Use NO_IRQ 2014-11-20 09:11:11 +01:00
dpt_i2o.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
dpti.h scsi: use 64-bit LUNs 2014-07-17 22:07:37 +02:00
dtc.c ncr5380: Drop legacy scsi.h include 2014-11-20 09:11:10 +01:00
dtc.h ncr5380: Remove *_RELEASE macros 2014-11-20 09:11:10 +01:00
eata.c scsi: drop reason argument from ->change_queue_depth 2014-11-24 14:45:27 +01:00
eata_generic.h
eata_pio.c scsi: replace seq_printf with seq_puts 2015-02-02 09:57:45 -08:00
eata_pio.h
esp_scsi.c esp_scsi: remove check for ESP_MAX_TAGS 2015-01-09 15:44:23 +01:00
esp_scsi.h esp_scsi: correctly detect am53c974 2014-11-24 16:13:16 +01:00
fdomain.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
fdomain.h
FlashPoint.c
g_NCR5380.c ncr5380: Harmonize jiffies conversion with msecs_to_jiffies 2015-03-09 10:45:26 -04:00
g_NCR5380.h ncr5380: Remove *_RELEASE macros 2014-11-20 09:11:10 +01:00
g_NCR5380_mmio.c
gdth.c scsi: rename SERVICE_ACTION_IN to SERVICE_ACTION_IN_16 2014-11-24 20:01:40 +01:00
gdth.h
gdth_ioctl.h
gdth_proc.c scsi: replace seq_printf with seq_puts 2015-02-02 09:57:45 -08:00
gdth_proc.h
gvp11.c zorro: ZTWO_VADDR() should return "void __iomem *" 2013-11-26 11:09:07 +01:00
gvp11.h
hosts.c scsi: remove ordered_tag host template field 2014-11-12 11:19:41 +01:00
hpsa.c hpsa: change driver version 2015-05-31 17:48:35 -07:00
hpsa.h hpsa: cleanup reset 2015-05-31 17:47:31 -07:00
hpsa_cmd.h hpsa: cleanup reset 2015-05-31 17:47:31 -07:00
hptiop.c scsi: drop reason argument from ->change_queue_depth 2014-11-24 14:45:27 +01:00
hptiop.h
imm.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
imm.h
in2000.c scsi: print single-character strings with seq_putc 2015-02-02 09:57:46 -08:00
in2000.h
initio.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
initio.h
ipr.c ipr: Fix invalid array indexing for HRRQ 2015-07-30 10:38:47 -07:00
ipr.h ipr: Fix incorrect trace indexing 2015-07-30 10:38:00 -07:00
ips.c ips: remove pointless #warning 2015-06-02 17:24:54 -07:00
ips.h
iscsi_boot_sysfs.c [SCSI] iscsi_boot_sysfs: Fix a memory leak in iscsi_boot_destroy_kset() 2014-03-15 10:19:19 -07:00
iscsi_tcp.c scsi: drop reason argument from ->change_queue_depth 2014-11-24 14:45:27 +01:00
iscsi_tcp.h net: Fix use after free by removing length arg from sk_data_ready callbacks. 2014-04-11 16:15:36 -04:00
jazz_esp.c scsi: drop owner assignment from platform_drivers 2014-10-20 16:21:33 +02:00
Kconfig SCSI misc on 20150622 2015-06-23 15:55:44 -07:00
lasi700.c
libiscsi.c scsi: drop reason argument from ->change_queue_depth 2014-11-24 14:45:27 +01:00
libiscsi_tcp.c [SCSI] libiscsi: Reduce locking contention in fast path 2014-03-15 10:19:18 -07:00
mac53c94.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
mac53c94.h
mac_esp.c scsi: drop owner assignment from platform_drivers 2014-10-20 16:21:33 +02:00
mac_scsi.c ncr5380: Drop owner assignment from platform_drivers 2015-03-09 07:18:14 -04:00
Makefile snic: driver for Cisco SCSI HBA 2015-06-19 16:57:51 -07:00
megaraid.c scsi: replace seq_printf with seq_puts 2015-02-02 09:57:45 -08:00
megaraid.h [SCSI] megaraid: simplify internal command handling 2014-03-27 08:26:31 -07:00
mesh.c powerpc: Move Power Macintosh drivers to generic byteswappers 2015-03-23 14:29:40 +11:00
mesh.h
mvme16x_scsi.c scsi: drop owner assignment from platform_drivers 2014-10-20 16:21:33 +02:00
mvme147.c
mvme147.h
mvumi.c PCI: Remove DEFINE_PCI_DEVICE_TABLE macro use 2014-08-12 12:15:14 -06:00
mvumi.h
ncr53c8xx.c scsi: drop reason argument from ->change_queue_depth 2014-11-24 14:45:27 +01:00
ncr53c8xx.h scsi: Remove CONFIG_SCSI_MULTI_LUN 2014-07-17 22:07:35 +02:00
NCR53c406a.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
NCR5380.c ncr5380: Harmonize jiffies conversion with msecs_to_jiffies 2015-03-09 10:45:26 -04:00
NCR5380.h atari_NCR5380: Move static co-routine variables to host data 2014-11-20 09:11:20 +01:00
NCR_D700.c
NCR_D700.h
NCR_Q720.c
NCR_Q720.h
nsp32.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
nsp32.h
nsp32_debug.c
nsp32_io.h
osst.c scsi: remove scsi_driver owner field 2014-11-24 20:01:28 +01:00
osst.h
osst_detect.h
osst_options.h
pas16.c ncr5380: Drop legacy scsi.h include 2014-11-20 09:11:10 +01:00
pas16.h ncr5380: Remove *_RELEASE macros 2014-11-20 09:11:10 +01:00
pmcraid.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-02-10 20:01:30 -08:00
pmcraid.h
ppa.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
ppa.h
ps3rom.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
qla1280.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
qla1280.h
qlogicfas.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
qlogicfas408.c
qlogicfas408.h
qlogicpti.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
qlogicpti.h
raid_class.c
script_asm.pl
scsi.c Move code that is used both by initiator and target drivers 2015-06-01 07:32:43 -07:00
scsi.h
scsi_common.c Move code that is used both by initiator and target drivers 2015-06-01 07:32:43 -07:00
scsi_debug.c drivers/scsi/scsi_debug.c: resolve sg buffer const-ness issue 2015-06-30 19:44:59 -07:00
scsi_devinfo.c SCSI: add 1024 max sectors black list flag 2015-04-27 09:38:06 -07:00
scsi_error.c Move code that is used both by initiator and target drivers 2015-06-01 07:32:43 -07:00
scsi_ioctl.c scsi: return EAGAIN when resetting a device under EH 2014-11-12 11:16:12 +01:00
scsi_lib.c Defer processing of REQ_PREEMPT requests for blocked devices 2015-04-08 09:41:41 -07:00
scsi_lib_dma.c
scsi_logging.c scsi_logging: return void for dev_printk() functions 2015-02-04 08:00:24 -08:00
scsi_logging.h scsi: simplify scsi_log_(send|completion) 2014-11-12 11:16:05 +01:00
scsi_module.c
scsi_netlink.c net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-04-24 13:44:54 -04:00
scsi_pm.c SCSI / PM: Replace CONFIG_PM_RUNTIME with CONFIG_PM 2014-12-15 15:11:06 +01:00
scsi_priv.h SCSI / PM: Replace CONFIG_PM_RUNTIME with CONFIG_PM 2014-12-15 15:11:06 +01:00
scsi_proc.c scsi: print single-character strings with seq_putc 2015-02-02 09:57:46 -08:00
scsi_sas_internal.h
scsi_scan.c Move code that is used both by initiator and target drivers 2015-06-01 07:32:43 -07:00
scsi_sysctl.c scsi: convert use of typedef ctl_table to struct ctl_table 2014-06-06 16:08:16 -07:00
scsi_sysfs.c scsi: fix host max depth checking for the 'queue_depth' sysfs interface 2015-07-16 16:09:53 +03:00
scsi_trace.c scsi: print single-character strings with seq_putc 2015-02-02 09:57:46 -08:00
scsi_transport_api.h
scsi_transport_fc.c scsi_transport_fc: Add support for 25Gbit speed 2015-04-10 07:40:32 -07:00
scsi_transport_iscsi.c iscsi: Fix iscsi endpoints leak 2015-06-02 17:26:32 -07:00
scsi_transport_sas.c scsi: use 64-bit LUNs 2014-07-17 22:07:37 +02:00
scsi_transport_spi.c scsi: remove MSG_*_TAG defines 2014-12-04 09:58:33 +01:00
scsi_transport_srp.c scsi_transport_srp: Reduce failover time 2015-05-18 13:35:55 -04:00
scsi_typedefs.h
scsicam.c scsi: PC partition tables are little endian 2014-11-12 11:15:54 +01:00
sd.c sd: fix an error return in probe() 2015-05-25 08:46:24 -07:00
sd.h scsi: introduce sdev_prefix_printk() 2014-11-12 11:15:57 +01:00
sd_dif.c sd: Fix missing ATO tag check 2015-04-16 10:37:12 -07:00
ses.c ses: Add power_status to SES device slot 2015-01-09 15:44:19 +01:00
sg.c sg_start_req(): use import_iovec() 2015-04-11 22:27:14 -04:00
sgiwd93.c scsi: drop owner assignment from platform_drivers 2014-10-20 16:21:33 +02:00
sim710.c
sni_53c710.c scsi: drop owner assignment from platform_drivers 2014-10-20 16:21:33 +02:00
sr.c scsi: remove scsi_driver owner field 2014-11-24 20:01:28 +01:00
sr.h scsi: introduce sdev_prefix_printk() 2014-11-12 11:15:57 +01:00
sr_ioctl.c sr: reduce debug noise in sr_do_ioctl 2015-01-20 19:43:24 +01:00
sr_vendor.c scsi: Implement sr_printk() 2014-07-17 22:07:39 +02:00
st.c st: null pointer dereference panic caused by use after kref_put by st_open 2015-07-16 15:32:32 +03:00
st.h st: implement tape statistics 2015-06-02 08:03:25 -07:00
st_options.h
stex.c scsi: don't force tagged_supported in drivers 2014-11-12 11:19:44 +01:00
storvsc_drv.c storvsc: Set the SRB flags correctly when no data transfer is needed 2015-05-11 09:46:41 -07:00
sun3_scsi.c ncr5380: Drop owner assignment from platform_drivers 2015-03-09 07:18:14 -04:00
sun3_scsi.h sun3_scsi: Move macro definitions 2014-11-20 09:11:15 +01:00
sun3_scsi_vme.c scsi/NCR5380: merge sun3_scsi_vme.c into sun3_scsi.c 2014-05-28 12:16:28 +02:00
sun3x_esp.c scsi: drop owner assignment from platform_drivers 2014-10-20 16:21:33 +02:00
sun_esp.c scsi: drop owner assignment from platform_drivers 2014-10-20 16:21:33 +02:00
sym53c416.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
sym53c416.h
t128.c ncr5380: Drop legacy scsi.h include 2014-11-20 09:11:10 +01:00
t128.h ncr5380: Remove *_RELEASE macros 2014-11-20 09:11:10 +01:00
u14-34f.c scsi: drop reason argument from ->change_queue_depth 2014-11-24 14:45:27 +01:00
ultrastor.c
ultrastor.h
virtio_scsi.c virtio_scsi: don't select CONFIG_BLK_DEV_INTEGRITY 2015-05-25 09:14:47 -07:00
vmw_pvscsi.c vmw_pscsi: simplify ->change_queue_depth 2014-11-24 14:45:28 +01:00
vmw_pvscsi.h PCI: Move PCI_VENDOR_ID_VMWARE to pci_ids.h 2014-09-24 11:52:09 -06:00
wd33c93.c scsi: print single-character strings with seq_putc 2015-02-02 09:57:46 -08:00
wd33c93.h
wd719x.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
wd719x.h scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
wd7000.c scsi: replace seq_printf with seq_puts 2015-02-02 09:57:45 -08:00
xen-scsifront.c xenbus_client: Extend interface to support multi-page ring 2015-04-15 10:56:47 +01:00
zalon.c
zorro7xx.c zorro: ZTWO_VADDR() should return "void __iomem *" 2013-11-26 11:09:07 +01:00