mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-09 01:59:41 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/scsi/lpfc
History
James Smart b77e19da56 scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG 
[ Upstream commit 807e7353d8 ]

Kernel is crashing with the following stacktrace:

  BUG: unable to handle kernel NULL pointer dereference at
    00000000000005bc
  IP: lpfc_nvme_register_port+0x1a8/0x3a0 [lpfc]
  ...
  Call Trace:
  lpfc_nlp_state_cleanup+0x2b2/0x500 [lpfc]
  lpfc_nlp_set_state+0xd7/0x1a0 [lpfc]
  lpfc_cmpl_prli_prli_issue+0x1f7/0x450 [lpfc]
  lpfc_disc_state_machine+0x7a/0x1e0 [lpfc]
  lpfc_cmpl_els_prli+0x16f/0x1e0 [lpfc]
  lpfc_sli_sp_handle_rspiocb+0x5b2/0x690 [lpfc]
  lpfc_sli_handle_slow_ring_event_s4+0x182/0x230 [lpfc]
  lpfc_do_work+0x87f/0x1570 [lpfc]
  kthread+0x10d/0x130
  ret_from_fork+0x35/0x40

During target side fault injections, it is possible to hit the
NLP_WAIT_FOR_UNREG case in lpfc_nvme_remoteport_delete. A prior commit
fixed a rebind and delete race condition, but called lpfc_nlp_put
unconditionally. This triggered a deletion and the crash.

Fix by movng nlp_put to inside the NLP_WAIT_FOR_UNREG case, where the nlp
will be being unregistered/removed. Leave the reference if the flag isn't
set.

Link: https://lore.kernel.org/r/20200322181304.37655-8-jsmart2021@gmail.com
Fixes: b15bd3e621 ("scsi: lpfc: Fix nvme remoteport registration race conditions")
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-04-29 16:31:10 +02:00
..
lpfc.h scsi: lpfc: Cap NPIV vports to 256 2019-12-17 20:35:28 +01:00
lpfc_attr.c scsi: lpfc: Correct topology type reporting on G7 adapters 2019-12-17 20:35:30 +01:00
lpfc_attr.h
lpfc_bsg.c scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func 2020-01-09 10:18:56 +01:00
lpfc_bsg.h
lpfc_compat.h
lpfc_crtn.h
lpfc_ct.c scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN 2019-11-20 18:46:28 +01:00
lpfc_debugfs.c
lpfc_debugfs.h
lpfc_disc.h
lpfc_els.c scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences 2020-01-04 19:12:53 +01:00
lpfc_hbadisc.c scsi: lpfc: Fix discovery failures when target device connectivity bounces 2020-01-04 19:12:35 +01:00
lpfc_hw.h
lpfc_hw4.h
lpfc_ids.h
lpfc_init.c scsi: lpfc: Cap NPIV vports to 256 2019-12-17 20:35:28 +01:00
lpfc_logmsg.h
lpfc_mbox.c scsi: lpfc: Correct topology type reporting on G7 adapters 2019-12-17 20:35:30 +01:00
lpfc_mem.c
lpfc_nl.h
lpfc_nportdisc.c scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices 2020-01-04 19:12:39 +01:00
lpfc_nvme.c scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG 2020-04-29 16:31:10 +02:00
lpfc_nvme.h
lpfc_nvmet.c scsi: lpfc: Fix errors in log messages. 2019-11-20 18:46:29 +01:00
lpfc_nvmet.h scsi: lpfc: Correct localport timeout duration error 2019-11-06 13:05:35 +01:00
lpfc_scsi.c scsi: lpfc: Fix dif and first burst use in write commands 2019-12-05 09:19:48 +01:00
lpfc_scsi.h
lpfc_sli.c scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login 2020-04-29 16:31:10 +02:00
lpfc_sli.h
lpfc_sli4.h scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces 2019-12-01 09:17:26 +01:00
lpfc_version.h
lpfc_vport.c
lpfc_vport.h
Makefile