linux-stable/drivers/s390
Julian Wiedmann 993e42d0f7 s390/qeth: fix tear down of async TX buffers
[ Upstream commit 7ed10e16e5 ]

When qeth_iqd_tx_complete() detects that a TX buffer requires additional
async completion via QAOB, it might fail to replace the queue entry's
metadata (and ends up triggering recovery).

Assume now that the device gets torn down, overruling the recovery.
If the QAOB notification then arrives before the tear down has
sufficiently progressed, the buffer state is changed to
QETH_QDIO_BUF_HANDLED_DELAYED by qeth_qdio_handle_aob().

The tear down code calls qeth_drain_output_queue(), where
qeth_cleanup_handled_pending() will then attempt to replace such a
buffer _again_. If it succeeds this time, the buffer ends up dangling in
its replacement's ->next_pending list ... where it will never be freed,
since there's no further call to qeth_cleanup_handled_pending().

But the second attempt isn't actually needed, we can simply leave the
buffer on the queue and re-use it after a potential recovery has
completed. The qeth_clear_output_buffer() in qeth_drain_output_queue()
will ensure that it's in a clean state again.

Fixes: 72861ae792 ("qeth: recovery through asynchronous delivery")
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-12-02 08:49:51 +01:00
..
block s390/dasd: fix null pointer dereference for ERP requests 2020-11-24 13:29:23 +01:00
char s390 updates for the 5.4 merge window 2019-09-17 14:04:43 -07:00
cio s390/irq: replace setup_irq() by request_irq() 2020-10-01 13:17:40 +02:00
crypto s390/pkey: fix paes selftest failure with paes and pkey static build 2020-11-10 12:37:32 +01:00
net s390/qeth: fix tear down of async TX buffers 2020-12-02 08:49:51 +01:00
scsi scsi: zfcp: Fix use-after-free in request timeout handlers 2020-08-26 10:40:52 +02:00
virtio virtio/s390: fix race on airq_areas[] 2019-07-26 13:36:18 +02:00
Makefile s390: remove pointless drivers-y in drivers/s390/Makefile 2019-09-16 13:21:51 +02:00