mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-29 13:53:33 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/scsi
History
Arun Easi cb4dff4984 scsi: qla2xxx: Fix crash when I/O abort times out 
commit 68ad83188d upstream.

While performing CPU hotplug, a crash with the following stack was seen:

Call Trace:
     qla24xx_process_response_queue+0x42a/0x970 [qla2xxx]
     qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx]
     qla_nvme_post_cmd+0x166/0x240 [qla2xxx]
     nvme_fc_start_fcp_op.part.0+0x119/0x2e0 [nvme_fc]
     blk_mq_dispatch_rq_list+0x17b/0x610
     __blk_mq_sched_dispatch_requests+0xb0/0x140
     blk_mq_sched_dispatch_requests+0x30/0x60
     __blk_mq_run_hw_queue+0x35/0x90
     __blk_mq_delay_run_hw_queue+0x161/0x180
     blk_execute_rq+0xbe/0x160
     __nvme_submit_sync_cmd+0x16f/0x220 [nvme_core]
     nvmf_connect_admin_queue+0x11a/0x170 [nvme_fabrics]
     nvme_fc_create_association.cold+0x50/0x3dc [nvme_fc]
     nvme_fc_connect_ctrl_work+0x19/0x30 [nvme_fc]
     process_one_work+0x1e8/0x3c0

On abort timeout, completion was called without checking if the I/O was
already completed.

Verify that I/O and abort request are indeed outstanding before attempting
completion.

Fixes: 71c80b75ce ("scsi: qla2xxx: Do command completion on abort timeout")
Reported-by: Marco Patalano <mpatalan@redhat.com>
Tested-by: Marco Patalano <mpatalan@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20221129092634.15347-1-njavali@marvell.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-12-31 13:26:53 +01:00
..
aacraid
aic7xxx
aic94xx
arcmsr
arm
be2iscsi
bfa
bnx2fc
bnx2i
csiostor
cxgbi
cxlflash
device_handler
elx scsi: elx: libefc: Fix second parameter type in state callbacks 2022-12-31 13:26:47 +01:00
esas2r
fcoe scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails 2022-12-31 13:26:21 +01:00
fnic
hisi_sas scsi: hisi_sas: Fix SATA devices missing issue during I_T nexus reset 2022-12-31 13:26:21 +01:00
ibmvscsi scsi: ibmvfc: Avoid path failures during live migration 2022-12-02 17:43:00 +01:00
ibmvscsi_tgt
isci
libfc
libsas scsi: libsas: Add smp_ata_check_ready_type() 2022-12-31 13:26:21 +01:00
lpfc scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs 2022-12-31 13:26:47 +01:00
megaraid
mpi3mr scsi: mpi3mr: Suppress command reply debug prints 2022-12-02 17:43:16 +01:00
mpt3sas scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() 2022-12-31 13:26:20 +01:00
mvsas
pcmcia
pm8001 scsi: pm8001: Fix running_req for internal abort commands 2022-10-21 12:38:50 +02:00
qedf
qedi
qla2xxx scsi: qla2xxx: Fix crash when I/O abort times out 2022-12-31 13:26:53 +01:00
qla4xxx
smartpqi scsi: smartpqi: Correct device removal for multi-actuator devices 2022-12-31 13:26:48 +01:00
snic scsi: snic: Fix possible UAF in snic_tgt_create() 2022-12-31 13:26:21 +01:00
sym53c8xx_2
.gitignore
3w-9xxx.c scsi: 3w-9xxx: Avoid disabling device if failing to enable it 2022-10-21 12:39:21 +02:00
3w-9xxx.h
3w-sas.c
3w-sas.h
3w-xxxx.c
3w-xxxx.h
53c700.c
53c700.h
53c700.scr
53c700_d.h_shipped
a100u2w.c
a100u2w.h
a2091.c
a2091.h
a3000.c
a3000.h
a4000t.c
advansys.c
aha152x.c
aha152x.h
aha1542.c
aha1542.h
aha1740.c
aha1740.h
am53c974.c
atari_scsi.c
atp870u.c
atp870u.h
BusLogic.c
BusLogic.h
bvme6000_scsi.c
ch.c
constants.c
dc395x.c
dc395x.h
dmx3191d.c
esp_scsi.c
esp_scsi.h
fdomain.c
fdomain.h
fdomain_isa.c
fdomain_pci.c
FlashPoint.c
g_NCR5380.c
gvp11.c
gvp11.h
hosts.c
hpsa.c scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() 2022-12-31 13:26:20 +01:00
hpsa.h
hpsa_cmd.h
hptiop.c
hptiop.h
imm.c
imm.h
initio.c
initio.h
ipr.c scsi: ipr: Fix WARNING in ipr_init() 2022-12-31 13:26:21 +01:00
ipr.h
ips.c
ips.h
iscsi_boot_sysfs.c
iscsi_tcp.c scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() 2022-10-21 12:38:50 +02:00
iscsi_tcp.h scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() 2022-10-21 12:38:50 +02:00
jazz_esp.c
Kconfig
lasi700.c
libiscsi.c
libiscsi_tcp.c
mac53c94.c
mac53c94.h
mac_esp.c
mac_scsi.c
Makefile
megaraid.c
megaraid.h
mesh.c
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c
mvumi.h
myrb.c
myrb.h
myrs.c
myrs.h
ncr53c8xx.c
ncr53c8xx.h
NCR5380.c
NCR5380.h
nsp32.c
nsp32.h
nsp32_debug.c
nsp32_io.h
pmcraid.c
pmcraid.h
ppa.c
ppa.h
ps3rom.c
qla1280.c
qla1280.h
qlogicfas.c
qlogicfas408.c
qlogicfas408.h
qlogicpti.c
qlogicpti.h
raid_class.c
script_asm.pl
scsi.c
scsi_bsg.c
scsi_common.c
scsi_debug.c scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() 2022-12-31 13:26:21 +01:00
scsi_debugfs.c
scsi_debugfs.h
scsi_devinfo.c
scsi_dh.c
scsi_error.c scsi: core: Fix a race between scsi_done() and scsi_timeout() 2022-12-31 13:26:16 +01:00
scsi_ioctl.c
scsi_lib.c
scsi_lib_dma.c
scsi_logging.c
scsi_logging.h
scsi_netlink.c
scsi_pm.c
scsi_priv.h
scsi_proc.c
scsi_sas_internal.h
scsi_scan.c
scsi_sysctl.c
scsi_sysfs.c scsi: core: Restrict legal sdev_state transitions via sysfs 2022-11-10 18:17:25 +01:00
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c
scsi_transport_iscsi.c scsi: iscsi: Fix possible memory leak when device_register() failed 2022-12-02 17:43:16 +01:00
scsi_transport_sas.c scsi: scsi_transport_sas: Fix error handling in sas_phy_add() 2022-11-26 09:27:28 +01:00
scsi_transport_spi.c
scsi_transport_srp.c
scsicam.c
sd.c
sd.h
sd_dif.c
sd_zbc.c
sense_codes.h
ses.c
sg.c
sgiwd93.c
sim710.c
sni_53c710.c
sr.c
sr.h
sr_ioctl.c
sr_vendor.c
st.c
st.h
st_options.h
stex.c
storvsc_drv.c scsi: storvsc: Fix handling of srb_status and capacity change events 2022-12-02 17:43:02 +01:00
sun3_scsi.c
sun3_scsi_vme.c
sun3x_esp.c
sun_esp.c
virtio_scsi.c
vmw_pvscsi.c
vmw_pvscsi.h
wd33c93.c
wd33c93.h
wd719x.c
wd719x.h
xen-scsifront.c
zalon.c
zorro7xx.c
zorro_esp.c