linux-stable/drivers
Xiubo Li b3743c71b7 tcmu: Fix possbile memory leak / OOPs when recalculating cmd base size
For all the entries allocated from the ring cmd area, the memory is
something like the stack memory, which will always reserve the old
data, so the entry->req.iov_bidi_cnt maybe none zero.

On some environments, the crash could be reproduce very easy and some
not. The following is the crash core trace as reported by Damien:

[  240.143969] CPU: 0 PID: 1285 Comm: iscsi_trx Not tainted 4.12.0-rc1+ #3
[  240.150607] Hardware name: ASUS All Series/H87-PRO, BIOS 2104 10/28/2014
[  240.157331] task: ffff8807de4f5800 task.stack: ffffc900047dc000
[  240.163270] RIP: 0010:memcpy_erms+0x6/0x10
[  240.167377] RSP: 0018:ffffc900047dfc68 EFLAGS: 00010202
[  240.172621] RAX: ffffc9065db85540 RBX: ffff8807f7980000 RCX: 0000000000000010
[  240.179771] RDX: 0000000000000010 RSI: ffff8807de574fe0 RDI: ffffc9065db85540
[  240.186930] RBP: ffffc900047dfd30 R08: ffff8807de41b000 R09: 0000000000000000
[  240.194088] R10: 0000000000000040 R11: ffff8807e9b726f0 R12: 00000006565726b0
[  240.201246] R13: ffffc90007612ea0 R14: 000000065657d540 R15: 0000000000000000
[  240.208397] FS:  0000000000000000(0000) GS:ffff88081fa00000(0000) knlGS:0000000000000000
[  240.216510] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  240.222280] CR2: ffffc9065db85540 CR3: 0000000001c0f000 CR4: 00000000001406f0
[  240.229430] Call Trace:
[  240.231887]  ? tcmu_queue_cmd+0x83c/0xa80
[  240.235916]  ? target_check_reservation+0xcd/0x6f0
[  240.240725]  __target_execute_cmd+0x27/0xa0
[  240.244918]  target_execute_cmd+0x232/0x2c0
[  240.249124]  ? __local_bh_enable_ip+0x64/0xa0
[  240.253499]  iscsit_execute_cmd+0x20d/0x270
[  240.257693]  iscsit_sequence_cmd+0x110/0x190
[  240.261985]  iscsit_get_rx_pdu+0x360/0xc80
[  240.267565]  ? iscsi_target_rx_thread+0x54/0xd0
[  240.273571]  iscsi_target_rx_thread+0x9a/0xd0
[  240.279413]  kthread+0x113/0x150
[  240.284120]  ? iscsi_target_tx_thread+0x1e0/0x1e0
[  240.290297]  ? kthread_create_on_node+0x40/0x40
[  240.296297]  ret_from_fork+0x2e/0x40
[  240.301332] Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48
c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48
89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
[  240.321751] RIP: memcpy_erms+0x6/0x10 RSP: ffffc900047dfc68
[  240.328838] CR2: ffffc9065db85540
[  240.333667] ---[ end trace b7e5354cfb54d08b ]---

To fix this, just memset all the entry memory before using it, and
also to be more readable we adjust the bidi code.

Fixed: fe25cc34795(tcmu: Recalculate the tcmu_cmd size to save cmd area
		memories)
Reported-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com>
Tested-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com>
Reported-by: Damien Le Moal <damien.lemoal@wdc.com>
Tested-by: Damien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com>
Cc: <stable@vger.kernel.org> # 4.12+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2017-07-11 10:47:58 -07:00
..
accessibility
acpi More ACPI updates for v4.12-rc1 2017-05-10 09:35:42 -07:00
amba
android
ata ARM: SoC driver updates 2017-05-09 10:01:15 -07:00
atm
auxdisplay
base More power management updates for v4.12-rc1 2017-05-10 09:12:30 -07:00
bcma
block virtio: fixes, cleanups, performance 2017-05-10 11:33:08 -07:00
bluetooth Bluetooth: hci_ldisc: Add protocol check to hci_uart_tx_wakeup() 2017-04-30 12:22:14 +02:00
bus
cdrom
char Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
clk Sort of on the quieter side this time, which is probably due more 2017-05-10 13:38:18 -07:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-12 10:43:25 -07:00
connector
cpufreq Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2017-05-12 09:56:30 -07:00
cpuidle Merge branches 'pm-domains', 'pm-cpuidle', 'pm-sleep' and 'powercap' 2017-05-09 23:21:46 +02:00
crypto virtio: fixes, cleanups, performance 2017-05-10 11:33:08 -07:00
dax Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm 2017-05-12 15:43:10 -07:00
dca
devfreq
dio
dma dmaengine updates for 4.12-rc1 2017-05-09 15:40:28 -07:00
dma-buf
edac
eisa
extcon
firewire
firmware ARM: SoC driver updates 2017-05-09 10:01:15 -07:00
fmc
fpga
fsi
gpio Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
gpu drm/i915: Make vblank evade warnings optional 2017-05-12 14:28:02 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2017-05-02 19:09:35 -07:00
hsi
hv char/misc patches for 4.12-rc1 2017-05-04 19:15:35 -07:00
hwmon hwmon: (twl4030-madc) drop driver 2017-04-30 11:45:31 -07:00
hwspinlock
hwtracing drivers/hwtracing/intel_th/msu.c: use set_memory.h header 2017-05-08 17:15:14 -07:00
i2c Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
ide ide: don't call memcpy with the same source and destination 2017-05-08 17:36:39 -04:00
idle x86/intel_idle: add Gemini Lake support 2017-05-01 23:17:37 +02:00
iio Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
infiniband iser-target: Avoid isert_conn->cm_id dereference in isert_login_recv_done 2017-07-06 23:11:35 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2017-05-13 10:25:05 -07:00
iommu IOMMU Updates for Linux v4.12 2017-05-09 15:15:47 -07:00
ipack
irqchip Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2017-05-12 09:56:30 -07:00
isdn Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
leds scripts/spelling.txt: add "memory" pattern and fix typos 2017-05-08 17:15:13 -07:00
lguest
lightnvm lightnvm: fix bad back free on error path 2017-05-04 07:53:04 -06:00
macintosh DeviceTree for 4.12: 2017-05-05 19:33:07 -07:00
mailbox
mcb
md mm, vmalloc: use __GFP_HIGHMEM implicitly 2017-05-08 17:15:13 -07:00
media Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
memory MTD updates for 4.12-rc1: 2017-05-11 10:44:22 -07:00
memstick
message
mfd
misc Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
mmc Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
mtd This pull request contains updates for both UBI and UBIFS: 2017-05-13 10:23:12 -07:00
net powerpc updates for 4.12 part 2 2017-05-12 10:04:09 -07:00
nfc
ntb
nubus
nvdimm Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm 2017-05-12 15:43:10 -07:00
nvme Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-05-11 11:01:56 -07:00
nvmem ARM: SoC driver updates 2017-05-09 10:01:15 -07:00
of powerpc updates for 4.12 part 2 2017-05-12 10:04:09 -07:00
oprofile
parisc
parport
pci Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
pcmcia Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
perf
phy
pinctrl Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2017-05-02 19:09:35 -07:00
platform char/misc patches for 4.12-rc1 2017-05-04 19:15:35 -07:00
pnp
power power supply and reset changes for the v4.12 series (part 2) 2017-05-12 12:02:21 -07:00
powercap powercap: intel_rapl: Add support for Gemini Lake 2017-04-28 23:56:16 +02:00
pps
ps3
ptp Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-01 16:15:18 -07:00
pwm
rapidio char/misc patches for 4.12-rc1 2017-05-04 19:15:35 -07:00
ras
regulator Merge remote-tracking branch 'regulator/topic/vctrl' into regulator-next 2017-04-30 22:17:44 +09:00
remoteproc virtio: fixes, cleanups, performance 2017-05-10 11:33:08 -07:00
reset ARM: SoC driver updates 2017-05-09 10:01:15 -07:00
rpmsg virtio: fixes, cleanups, performance 2017-05-10 11:33:08 -07:00
rtc RTC for 4.12 2017-05-10 19:37:14 -07:00
s390 virtio: fixes, cleanups, performance 2017-05-10 11:33:08 -07:00
sbus
scsi qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT 2017-07-06 23:11:35 -07:00
sfi
sh
sn
soc powerpc updates for 4.12 part 2 2017-05-12 10:04:09 -07:00
spi
spmi
ssb
staging Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
target tcmu: Fix possbile memory leak / OOPs when recalculating cmd base size 2017-07-11 10:47:58 -07:00
tc
tee TEE driver infrastructure and OP-TEE drivers 2017-05-10 11:20:09 -07:00
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2017-05-12 11:58:45 -07:00
thunderbolt
tty Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
uio
usb DeviceTree for 4.12: 2017-05-05 19:33:07 -07:00
uwb
vfio powerpc updates for 4.12 part 1. 2017-05-05 11:36:44 -07:00
vhost vhost/scsi: Don't reinvent the wheel but use existing llist API 2017-06-08 23:26:37 -07:00
video fbdev changes for v4.12: 2017-05-11 11:12:26 -07:00
virt drivers/virt/fsl_hypervisor.c: use get_user_pages_unlocked() 2017-05-08 17:15:10 -07:00
virtio virtio: allow extra context per descriptor 2017-05-02 23:41:43 +03:00
vlynq
vme
w1
watchdog Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
xen xen/scsiback: Make TMF processing slightly faster 2017-07-06 22:58:03 -07:00
zorro
Kconfig
Makefile TEE driver infrastructure and OP-TEE drivers 2017-05-10 11:20:09 -07:00