linux-stable/drivers
Quinn Tran b73377124f scsi: qla2xxx: Fix command flush on cable pull
commit a27d4d0e7d upstream.

System crash due to command failed to flush back to SCSI layer.

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
 PGD 0 P4D 0
 Oops: 0000 [#1] SMP NOPTI
 CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G           OE    --------- -  - 4.18.0-372.9.1.el8.x86_64 #1
 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
 Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]
 RIP: 0010:__wake_up_common+0x4c/0x190
 Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 <49> 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75
 RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086
 RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000
 RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320
 RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8
 R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20
 R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
 FS:  0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 PKRU: 55555554
 Call Trace:
  __wake_up_common_lock+0x7c/0xc0
  qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]
 qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0
 ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]
 qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200.
  ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]
 qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1
 ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]
 qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0
  ? __switch_to+0x10c/0x450
 ? process_one_work+0x1a7/0x360
 qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201.
  ? worker_thread+0x1ce/0x390
  ? create_worker+0x1a0/0x1a0
 qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70
  ? kthread+0x10a/0x120
 qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8
  ? set_kthread_struct+0x40/0x40
 qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed.
  ? ret_from_fork+0x1f/0x40
 qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout

The system was under memory stress where the driver was not able to allocate an
SRB to carry out error recovery of the cable pull.  The failure to flush causes the
upper layer to start modifying the scsi_cmnd.  When the system frees up some
memory, the subsequent cable pull triggers another command flush. At this
point the driver accesses a null pointer when attempting to DMA unmap the
SGL.

Add a check to make sure commands are flushed back on session tear down to
prevent the null pointer access.

Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-7-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-04-13 12:50:11 +02:00
accessibility
acpi ACPI: scan: Fix device check notification handling 2024-03-26 18:22:35 -04:00
amba amba: bus: fix refcount leak 2023-09-23 10:48:09 +02:00
android binder: signal epoll threads of self-work 2024-02-23 08:12:57 +01:00
ata ahci: asm1064: asm1166: don't limit reported ports 2024-04-13 12:50:08 +02:00
atm atm: idt77252: fix a memleak in open_card_ubr0 2024-02-23 08:12:53 +01:00
auxdisplay
base PM: sleep: wakeirq: fix wake irq warning in system suspend 2024-04-13 12:50:05 +02:00
bcma
block loop: loop_set_status_from_info() check before assignment 2024-04-13 12:50:10 +02:00
bluetooth Bluetooth: btmtkuart: fix recv_buf() return value 2024-01-25 14:33:34 -08:00
bus bus: tegra-aconnect: Update dependency to ARCH_TEGRA 2024-03-26 18:22:35 -04:00
cdrom
char hwrng: core - Fix page fault dead lock on mmap-ed hwrng 2024-02-23 08:12:40 +01:00
clk clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays 2024-04-13 12:50:05 +02:00
clocksource clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware 2023-11-28 16:46:31 +00:00
connector
cpufreq cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily 2023-12-08 08:43:26 +01:00
cpuidle sched,idle,rcu: Push rcu_idle deeper into the idle path 2023-10-25 11:16:26 +02:00
crypto crypto: qat - resolve race condition during AER recovery 2024-04-13 12:50:04 +02:00
dax
dca
devfreq PM / devfreq: Fix leak in devfreq_dev_release() 2023-09-23 10:48:10 +02:00
dio
dma dmaengine: shdma: increase size of 'dev_id' 2024-03-01 13:06:09 +01:00
dma-buf dma-buf/sw_sync: Avoid recursive lock during fence signal 2023-08-30 16:31:56 +02:00
edac EDAC/thunderx: Fix possible out-of-bounds string access 2024-01-25 14:33:31 -08:00
eisa
extcon extcon: Fix kernel doc of property capability fields to avoid warnings 2023-08-11 11:45:12 +02:00
firewire firewire: core: use long bus reset on gap count error 2024-03-26 18:22:33 -04:00
firmware efivarfs: Request at most 512 bytes for variable names 2024-04-13 12:50:10 +02:00
fmc
fpga fpga: bridge: fix kernel-doc parameter description 2023-05-17 11:13:15 +02:00
fsi fsi: master-ast-cf: Add MODULE_FIRMWARE macro 2023-09-23 10:47:57 +02:00
gnss
gpio gpio: 74x164: Enable output pins after registers are reset 2024-03-06 14:35:23 +00:00
gpu drm/vc4: hdmi: do not return negative values from .get_modes() 2024-04-13 12:50:07 +02:00
hid HID: wacom: Do not register input devices until after hid_hw_start 2024-02-23 08:12:56 +01:00
hsi
hv Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs 2023-06-28 10:15:28 +02:00
hwmon hwmon: (amc6821) add of_match table 2024-04-13 12:50:06 +02:00
hwspinlock
hwtracing coresight: etm4x: Fix width of CCITMIN field 2024-01-25 14:33:31 -08:00
i2c i2c: s3c24xx: fix transferring more than one message in polling mode 2024-01-25 14:33:39 -08:00
ide treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
idle
iio iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table 2024-01-08 11:27:35 +01:00
infiniband RDMA/srpt: fix function pointer cast warnings 2024-03-01 13:06:10 +01:00
input Input: gpio_keys_polled - suppress deferred probe error for gpio 2024-03-26 18:22:33 -04:00
iommu iommu/amd: Mark interrupt as managed 2024-03-26 18:22:35 -04:00
ipack
irqchip irqchip/irq-brcmstb-l2: Add write memory barrier before exit 2024-02-23 08:12:58 +01:00
isdn mISDN: Update parameter type of dsp_cmx_send() 2023-08-16 18:13:00 +02:00
leds leds: trigger: panic: Don't register panic notifier if creating the trigger failed 2024-02-23 08:12:50 +01:00
lightnvm
macintosh macintosh: via-pmu-led: requires ATA to be set 2023-05-17 11:13:18 +02:00
mailbox mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 2023-08-11 11:45:13 +02:00
mcb mcb: fix error handling for different scenarios when parsing 2023-11-28 16:46:35 +00:00
md dm-raid: fix lockdep waring in "pers->hot_add_disk" 2024-04-13 12:50:06 +02:00
media media: xc4000: Fix atomicity violation in xc4000_get_frequency 2024-04-13 12:50:03 +02:00
memory
memstick memstick r592: make memstick_debug_get_tpc_name() static 2023-08-11 11:45:06 +02:00
message scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition 2023-05-30 12:42:09 +01:00
mfd mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref 2024-03-26 18:22:40 -04:00
misc misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() 2023-11-20 10:29:20 +01:00
mmc mmc: core: Fix switch on gp3 partition 2024-04-13 12:50:06 +02:00
mtd ubi: correct the calculation of fastmap size 2024-04-13 12:50:04 +02:00
mux
net wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach 2024-04-13 12:50:03 +02:00
nfc nfcsim.c: Fix error checking for debugfs_create_dir 2023-06-28 10:15:31 +02:00
ntb ntb: Fix calculation ntb_transport_tx_free_entry() 2023-09-23 10:48:10 +02:00
nubus
nvdimm nd_btt: Make BTT lanes preemptible 2023-11-20 10:29:18 +01:00
nvme nvme-pci: do not set the NUMA node of device if it has none 2023-10-10 21:44:59 +02:00
nvmem nvmem: imx: correct nregs for i.MX6UL 2023-11-08 11:22:16 +01:00
of of: unittest: Fix of_count_phandle_with_args() expected value message 2024-01-25 14:33:36 -08:00
opp
oprofile
parisc parisc: iosapic.c: Fix sparse warnings 2023-10-10 21:44:58 +02:00
parport parport: Add support for Brainboxes IX/UC/PX parallel cards 2023-12-13 17:42:19 +01:00
pci PCI/PM: Drain runtime-idle callbacks before driver removal 2024-04-13 12:50:06 +02:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2023-11-20 10:29:20 +01:00
perf
phy phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP 2024-02-23 08:12:53 +01:00
pinctrl pinctrl: at91-pio4: use dedicated lock class for IRQ 2024-01-08 11:27:34 +01:00
platform platform/x86: intel_telemetry: Fix kernel doc descriptions 2023-12-20 15:38:02 +01:00
pnp PNP: ACPI: fix fortify warning 2024-02-23 08:12:44 +01:00
power power: supply: bq27xxx-i2c: Do not free non existing IRQ 2024-03-06 14:35:23 +00:00
powercap
pps
ps3
ptp ptp: annotate data-race around q->head and q->tail 2023-11-28 16:46:33 +00:00
pwm pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume 2023-11-20 10:29:20 +01:00
rapidio
ras
regulator regulator: pwm-regulator: Add validity checks in continuous .get_voltage 2024-03-01 13:06:09 +01:00
remoteproc
reset reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning 2024-01-25 14:33:30 -08:00
rpmsg rpmsg: virtio: Free driver_override when rpmsg_remove() 2024-02-23 08:12:40 +01:00
rtc rtc: mt6397: select IRQ_DOMAIN instead of depending on it 2024-03-26 18:22:42 -04:00
s390 s390/zcrypt: fix reference counting on zcrypt card objects 2024-04-13 12:50:07 +02:00
sbus
scsi scsi: qla2xxx: Fix command flush on cable pull 2024-04-13 12:50:11 +02:00
sfi
sh
siox
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-04-13 12:50:06 +02:00
sn
soc soc: fsl: qbman: Use raw spinlock for cgr_lock 2024-04-13 12:50:07 +02:00
soundwire
spi spi: spi-mt65xx: Fix NULL pointer access in interrupt handler 2024-03-26 18:22:43 -04:00
spmi spmi: Add a check for remove callback when removing a SPMI driver 2023-05-17 11:13:17 +02:00
ssb treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
staging comedi: comedi_test: Prevent timers rescheduling during deletion 2024-04-13 12:50:08 +02:00
target scsi: target: core: Add TMF to tmr_list handling 2024-03-01 13:06:09 +01:00
tc
tee
thermal thermal: core: prevent potential string overflow 2023-11-20 10:29:17 +01:00
thunderbolt thunderbolt: Use const qualifier for `ring_interrupt_index` 2023-04-05 11:15:35 +02:00
tty vt: fix memory overlapping when deleting chars in the buffer 2024-04-13 12:50:09 +02:00
uio uio: Fix use-after-free in uio_open 2024-01-25 14:33:30 -08:00
usb usb: udc: remove warning when queue disabled ep 2024-04-13 12:50:11 +02:00
uwb
vfio vfio/platform: Disable virqfds on cleanup 2024-04-13 12:50:06 +02:00
vhost vhost: use kzalloc() instead of kmalloc() followed by memset() 2024-02-23 08:12:55 +01:00
video backlight: lp8788: Fully initialize backlight_properties during probe 2024-03-26 18:22:41 -04:00
virt
virtio virtio-mmio: fix memory leak of vm_dev 2023-11-08 11:22:15 +01:00
visorbus
vlynq
vme
w1 w1: fix loop in w1_fini() 2023-08-11 11:45:11 +02:00
watchdog watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling 2024-01-25 14:33:36 -08:00
xen xen/events: fix delayed eoi list handling 2023-11-28 16:46:33 +00:00
zorro
Kconfig
Makefile