linux-stable/drivers/scsi
Nick Black 54155ed419 scsi: iscsi: Don't destroy session if there are outstanding connections
A faulty userspace that calls destroy_session() before destroying the
connections can trigger the failure.  This patch prevents the issue by
refusing to destroy the session if there are outstanding connections.

------------[ cut here ]------------
kernel BUG at mm/slub.c:306!
invalid opcode: 0000 [#1] SMP PTI
CPU: 1 PID: 1224 Comm: iscsid Not tainted 5.4.0-rc2.iscsi+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__slab_free+0x181/0x350
[...]
[ 1209.686056] RSP: 0018:ffffa93d4074fae0 EFLAGS: 00010246
[ 1209.686694] RAX: ffff934efa5ad800 RBX: 000000008010000a RCX: ffff934efa5ad800
[ 1209.687651] RDX: ffff934efa5ad800 RSI: ffffeb4041e96b00 RDI: ffff934efd402c40
[ 1209.688582] RBP: ffffa93d4074fb80 R08: 0000000000000001 R09: ffffffffbb5dfa26
[ 1209.689425] R10: ffff934efa5ad800 R11: 0000000000000001 R12: ffffeb4041e96b00
[ 1209.690285] R13: ffff934efa5ad800 R14: ffff934efd402c40 R15: 0000000000000000
[ 1209.691213] FS:  00007f7945dfb540(0000) GS:ffff934efda80000(0000) knlGS:0000000000000000
[ 1209.692316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1209.693013] CR2: 000055877fd3da80 CR3: 0000000077384000 CR4: 00000000000006e0
[ 1209.693897] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1209.694773] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1209.695631] Call Trace:
[ 1209.695957]  ? __wake_up_common_lock+0x8a/0xc0
[ 1209.696712]  iscsi_pool_free+0x26/0x40
[ 1209.697263]  iscsi_session_teardown+0x2f/0xf0
[ 1209.698117]  iscsi_sw_tcp_session_destroy+0x45/0x60
[ 1209.698831]  iscsi_if_rx+0xd88/0x14e0
[ 1209.699370]  netlink_unicast+0x16f/0x200
[ 1209.699932]  netlink_sendmsg+0x21a/0x3e0
[ 1209.700446]  sock_sendmsg+0x4f/0x60
[ 1209.700902]  ___sys_sendmsg+0x2ae/0x320
[ 1209.701451]  ? cp_new_stat+0x150/0x180
[ 1209.701922]  __sys_sendmsg+0x59/0xa0
[ 1209.702357]  do_syscall_64+0x52/0x160
[ 1209.702812]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1209.703419] RIP: 0033:0x7f7946433914
[...]
[ 1209.706084] RSP: 002b:00007fffb99f2378 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1209.706994] RAX: ffffffffffffffda RBX: 000055bc869eac20 RCX: 00007f7946433914
[ 1209.708082] RDX: 0000000000000000 RSI: 00007fffb99f2390 RDI: 0000000000000005
[ 1209.709120] RBP: 00007fffb99f2390 R08: 000055bc84fe9320 R09: 00007fffb99f1f07
[ 1209.710110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000038
[ 1209.711085] R13: 000055bc8502306e R14: 0000000000000000 R15: 0000000000000000
 Modules linked in:
 ---[ end trace a2d933ede7f730d8 ]---

Link: https://lore.kernel.org/r/20191226203148.2172200-1-krisman@collabora.com
Signed-off-by: Nick Black <nlb@google.com>
Co-developed-by: Salman Qazi <sqazi@google.com>
Signed-off-by: Salman Qazi <sqazi@google.com>
Co-developed-by: Junho Ryu <jayr@google.com>
Signed-off-by: Junho Ryu <jayr@google.com>
Co-developed-by: Khazhismel Kumykov <khazhy@google.com>
Signed-off-by: Khazhismel Kumykov <khazhy@google.com>
Co-developed-by: Gabriel Krisman Bertazi <krisman@collabora.com>
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>
Reviewed-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2020-01-15 22:48:34 -05:00
aacraid treewide: Use sizeof_field() macro 2019-12-09 10:36:44 -08:00
aic7xxx scsi: aic7xxx: Adjust indentation in ahc_find_syncrate 2019-12-19 22:08:55 -05:00
aic94xx compat_ioctl: scsi: handle HDIO commands from drivers 2020-01-03 09:42:52 +01:00
arcmsr scsi: arcmsr: fix indentation issues 2019-11-19 21:37:34 -05:00
arm scsi: Fix various misspellings of "connect" 2019-10-24 21:22:32 -04:00
be2iscsi treewide: Use sizeof_field() macro 2019-12-09 10:36:44 -08:00
bfa scsi: bfa: Make restart_bfa static 2019-09-30 23:59:53 -04:00
bnx2fc scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() 2019-11-19 22:31:18 -05:00
bnx2i scsi: bnx2i: fix potential use after free 2019-11-19 21:37:34 -05:00
csiostor scsi: csiostor: Adjust indentation in csio_device_reset 2019-12-19 22:42:44 -05:00
cxgbi SCSI fixes on 20191227 2019-12-27 17:28:41 -08:00
cxlflash SCSI misc on 20191130 2019-12-02 13:37:02 -08:00
device_handler SCSI fixes on 20191101 2019-11-07 06:43:18 -07:00
dpt
esas2r SCSI misc on 20191130 2019-12-02 13:37:02 -08:00
fcoe SCSI misc on 20190919 2019-09-21 10:50:15 -07:00
fnic scsi: fnic: fix use after free 2019-11-06 00:04:02 -05:00
hisi_sas compat_ioctl: scsi: handle HDIO commands from drivers 2020-01-03 09:42:52 +01:00
ibmvscsi SCSI misc on 20190919 2019-09-21 10:50:15 -07:00
ibmvscsi_tgt scsi: ibmvscsi_tgt: remove set but not used variables 'iue' and 'sd' 2019-12-19 22:08:54 -05:00
isci compat_ioctl: scsi: handle HDIO commands from drivers 2020-01-03 09:42:52 +01:00
libfc
libsas scsi: libsas: Tidy SAS address print format 2019-12-21 13:42:42 -05:00
lpfc scsi: lpfc: Make lpfc_defer_acc_rsp static 2020-01-10 01:23:47 -05:00
megaraid SCSI misc on 20191207 2019-12-08 12:23:42 -08:00
mpt3sas block, scsi: final compat_ioctl cleanup 2020-01-10 00:14:46 -05:00
mvsas compat_ioctl: scsi: handle HDIO commands from drivers 2020-01-03 09:42:52 +01:00
pcmcia scsi: nsp_cs: enable compile-testing on 64-bit 2019-11-12 22:21:34 -05:00
pm8001 compat_ioctl: scsi: handle HDIO commands from drivers 2020-01-03 09:42:52 +01:00
qedf scsi: Fix various misspellings of "connect" 2019-10-24 21:22:32 -04:00
qedi scsi: Fix various misspellings of "connect" 2019-10-24 21:22:32 -04:00
qla2xxx scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions 2020-01-02 21:53:31 -05:00
qla4xxx scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free 2019-12-19 22:08:55 -05:00
smartpqi treewide: Use sizeof_field() macro 2019-12-09 10:36:44 -08:00
snic
sym53c8xx_2 scsi: sym53c8xx: fix typos in comments 2019-12-19 22:08:54 -05:00
ufs scsi: ufs-mediatek: add apply_dev_quirks variant operation 2020-01-15 22:23:13 -05:00
.gitignore
3w-9xxx.c
3w-9xxx.h
3w-sas.c
3w-sas.h
3w-xxxx.c compat_ioctl: move more drivers to compat_ptr_ioctl 2019-10-23 17:23:44 +02:00
3w-xxxx.h
53c700.c
53c700.h
53c700.scr
53c700_d.h_shipped
a100u2w.c
a100u2w.h
a2091.c
a2091.h
a3000.c scsi: Use pr_warn instead of pr_warning 2019-10-18 15:01:54 +02:00
a3000.h
a4000t.c
advansys.c
aha152x.c
aha152x.h
aha1542.c
aha1542.h
aha1740.c
aha1740.h
am53c974.c
atari_scsi.c scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE 2019-11-12 22:21:34 -05:00
atp870u.c scsi: core: Clean up SG_NONE 2019-11-12 22:21:35 -05:00
atp870u.h
BusLogic.c scsi: BusLogic: use %lX for unsigned long rather than %X 2020-01-15 22:19:49 -05:00
BusLogic.h
bvme6000_scsi.c
ch.c compat_ioctl: scsi: move ioctl handling into drivers 2020-01-03 09:42:32 +01:00
constants.c
dc395x.c
dc395x.h
dmx3191d.c
dpt_i2o.c
dpti.h
esp_scsi.c scsi: esp_scsi: Add support for FSC chip 2019-12-19 22:08:51 -05:00
esp_scsi.h scsi: esp_scsi: Add support for FSC chip 2019-12-19 22:08:51 -05:00
fdomain.c
fdomain.h
fdomain_isa.c
fdomain_pci.c
FlashPoint.c
g_NCR5380.c
gdth.c
gdth.h
gdth_ioctl.h
gdth_proc.c
gdth_proc.h
gvp11.c
gvp11.h
hosts.c scsi: core: avoid host-wide host_busy counter for scsi_mq 2019-11-01 20:12:50 -04:00
hpsa.c SCSI fixes on 20191101 2019-11-07 06:43:18 -07:00
hpsa.h
hpsa_cmd.h
hptiop.c
hptiop.h
imm.c
imm.h
initio.c scsi: initio: make initio_state_7() static 2019-12-19 22:08:54 -05:00
initio.h
ipr.c compat_ioctl: scsi: handle HDIO commands from drivers 2020-01-03 09:42:52 +01:00
ipr.h
ips.c scsi: ips: make array 'options' static const, makes object smaller 2019-09-30 22:46:40 -04:00
ips.h
iscsi_boot_sysfs.c
iscsi_tcp.c scsi: iscsi: Don't destroy session if there are outstanding connections 2020-01-15 22:48:34 -05:00
iscsi_tcp.h
jazz_esp.c
Kconfig SCSI fixes on 20191101 2019-11-07 06:43:18 -07:00
lasi700.c
libiscsi.c scsi: iscsi: Fix a potential deadlock in the timeout handler 2019-12-09 19:19:28 -05:00
libiscsi_tcp.c
mac53c94.c
mac53c94.h
mac_esp.c
mac_scsi.c scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE 2019-11-12 22:21:34 -05:00
Makefile
megaraid.c scsi: megaraid: disable device when probe failed after enabled device 2019-09-23 23:09:42 -04:00
megaraid.h
mesh.c
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c
mvumi.h
myrb.c
myrb.h scsi: mylex: Use the correct style for SPDX License Identifier 2020-01-02 21:57:44 -05:00
myrs.c
myrs.h scsi: mylex: Use the correct style for SPDX License Identifier 2020-01-02 21:57:44 -05:00
ncr53c8xx.c scsi: Fix various misspellings of "connect" 2019-10-24 21:22:32 -04:00
ncr53c8xx.h
NCR5380.c scsi: NCR5380: Add disconnect_mask module parameter 2019-11-19 21:37:34 -05:00
NCR5380.h
nsp32.c scsi: Fix various misspellings of "connect" 2019-10-24 21:22:32 -04:00
nsp32.h
nsp32_debug.c
nsp32_io.h
pmcraid.c compat_ioctl: move more drivers to compat_ptr_ioctl 2019-10-23 17:23:44 +02:00
pmcraid.h
ppa.c
ppa.h
ps3rom.c
qla1280.c
qla1280.h
qlogicfas.c
qlogicfas408.c
qlogicfas408.h
qlogicpti.c
qlogicpti.h
raid_class.c
script_asm.pl
scsi.c SCSI misc on 20191130 2019-12-02 13:37:02 -08:00
scsi.h
scsi_common.c
scsi_debug.c scsi: scsi_debug: num_tgts must be >= 0 2019-11-19 21:37:34 -05:00
scsi_debugfs.c
scsi_debugfs.h
scsi_devinfo.c
scsi_dh.c
scsi_error.c scsi: core: save/restore command resid for error handling 2019-10-03 21:43:04 -04:00
scsi_ioctl.c compat_ioctl: add scsi_compat_ioctl 2020-01-03 09:33:18 +01:00
scsi_lib.c scsi: core: Adjust DBD setting in MODE SENSE for caching mode page per LLD 2019-12-19 22:08:52 -05:00
scsi_lib_dma.c
scsi_logging.c scsi: core: Log SCSI command age with errors 2019-09-30 23:07:16 -04:00
scsi_logging.h scsi: core: Fix a compiler warning triggered by the SCSI logging code 2019-12-19 22:08:54 -05:00
scsi_netlink.c
scsi_pm.c
scsi_priv.h scsi: core: avoid host-wide host_busy counter for scsi_mq 2019-11-01 20:12:50 -04:00
scsi_proc.c
scsi_sas_internal.h
scsi_scan.c
scsi_sysctl.c
scsi_sysfs.c SCSI misc on 20191130 2019-12-02 13:37:02 -08:00
scsi_trace.c scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) 2019-11-06 00:06:03 -05:00
scsi_transport_api.h
scsi_transport_fc.c
scsi_transport_iscsi.c scsi: iscsi: Don't destroy session if there are outstanding connections 2020-01-15 22:48:34 -05:00
scsi_transport_sas.c scsi: scsi_transport_sas: Fix memory leak when removing devices 2019-11-21 21:12:39 -05:00
scsi_transport_spi.c
scsi_transport_srp.c
scsicam.c
sd.c compat_ioctl: scsi: move ioctl handling into drivers 2020-01-03 09:42:32 +01:00
sd.h SCSI misc on 20191207 2019-12-08 12:23:42 -08:00
sd_dif.c
sd_zbc.c scsi: sd_zbc: Rename sd_zbc_check_zones() 2020-01-02 21:53:31 -05:00
sense_codes.h
ses.c
sg.c compat_ioctl: scsi: move ioctl handling into drivers 2020-01-03 09:42:32 +01:00
sgiwd93.c
sim710.c
sni_53c710.c scsi: sni_53c710: fix compilation error 2019-10-09 23:35:42 -04:00
sr.c compat_ioctl: move cdrom commands into cdrom.c 2020-01-03 09:42:52 +01:00
sr.h
sr_ioctl.c
sr_vendor.c sr_vendor: support Beurer GL50 evo CD-on-a-chip devices. 2019-11-26 13:02:26 -07:00
st.c compat_ioctl: scsi: move ioctl handling into drivers 2020-01-03 09:42:32 +01:00
st.h
st_options.h
stex.c
storvsc_drv.c scsi: storvsc: Add the support of hibernation 2019-11-21 20:10:44 -05:00
sun3_scsi.c scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE 2019-11-12 22:21:34 -05:00
sun3_scsi_vme.c
sun3x_esp.c
sun_esp.c
virtio_scsi.c
vmw_pvscsi.c scsi: vmw_pvscsi: Silence dma mapping errors 2019-12-19 22:42:44 -05:00
vmw_pvscsi.h
wd33c93.c
wd33c93.h
wd719x.c
wd719x.h
xen-scsifront.c
zalon.c
zorro7xx.c
zorro_esp.c scsi: zorro_esp: Limit DMA transfers to 65536 bytes (except on Fastlane) 2019-11-12 22:21:34 -05:00