android_kernel_xiaomi_sm8450/drivers/scsi/qla2xxx
Quinn Tran c1d31266de scsi: qla2xxx: Fix use after free in eh_abort path
commit 3d33b303d4f3b74a71bede5639ebba3cfd2a2b4d upstream.

In eh_abort path driver prematurely exits the call to upper layer. Check
whether command is aborted / completed by firmware before exiting the call.

9 [ffff8b1ebf803c00] page_fault at ffffffffb0389778
  [exception RIP: qla2x00_status_entry+0x48d]
  RIP: ffffffffc04fa62d  RSP: ffff8b1ebf803cb0  RFLAGS: 00010082
  RAX: 00000000ffffffff  RBX: 00000000000e0000  RCX: 0000000000000000
  RDX: 0000000000000000  RSI: 00000000000013d8  RDI: fffff3253db78440
  RBP: ffff8b1ebf803dd0   R8: ffff8b1ebcd9b0c0   R9: 0000000000000000
  R10: ffff8b1e38a30808  R11: 0000000000001000  R12: 00000000000003e9
  R13: 0000000000000000  R14: ffff8b1ebcd9d740  R15: 0000000000000028
  ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
10 [ffff8b1ebf803cb0] enqueue_entity at ffffffffafce708f
11 [ffff8b1ebf803d00] enqueue_task_fair at ffffffffafce7b88
12 [ffff8b1ebf803dd8] qla24xx_process_response_queue at ffffffffc04fc9a6 [qla2xxx]
13 [ffff8b1ebf803e78] qla24xx_msix_rsp_q at ffffffffc04ff01b [qla2xxx]
14 [ffff8b1ebf803eb0] __handle_irq_event_percpu at ffffffffafd50714

Link: https://lore.kernel.org/r/20210908164622.19240-10-njavali@marvell.com
Fixes: f45bca8c50 ("scsi: qla2xxx: Fix double scsi_done for abort path")
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Co-developed-by: David Jeffery <djeffery@redhat.com>
Signed-off-by: David Jeffery <djeffery@redhat.com>
Co-developed-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-11-18 14:03:37 +01:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qla_attr.c scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file 2021-11-18 14:03:37 +01:00
qla_bsg.c scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() 2021-10-27 09:56:55 +02:00
qla_bsg.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_dbg.c scsi: qla2xxx: Fix mailbox Ch erroneous error 2021-03-04 11:37:18 +01:00
qla_dbg.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_def.h scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS 2021-10-06 15:55:45 +02:00
qla_devtbl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qla_dfs.c SCSI misc on 20201023 2020-10-23 16:19:02 -07:00
qla_dsd.h scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h 2019-08-12 21:34:04 -04:00
qla_fw.h SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
qla_gbl.h SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
qla_gs.c SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
qla_init.c scsi: qla2xxx: Restore initiator in dual mode 2021-09-30 10:11:04 +02:00
qla_inline.h SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
qla_iocb.c SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
qla_isr.c scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS 2021-10-06 15:55:45 +02:00
qla_mbx.c scsi: qla2xxx: Fix mailbox Ch erroneous error 2021-03-04 11:37:18 +01:00
qla_mid.c SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
qla_mr.c scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_mr.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_nvme.c scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS 2021-10-06 15:55:45 +02:00
qla_nvme.h SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
qla_nx2.c SCSI misc on 20201023 2020-10-23 16:19:02 -07:00
qla_nx2.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_nx.c scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() 2021-05-26 12:06:48 +02:00
qla_nx.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_os.c scsi: qla2xxx: Fix use after free in eh_abort path 2021-11-18 14:03:37 +01:00
qla_settings.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_sup.c scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_target.c scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal 2021-06-16 12:01:37 +02:00
qla_target.h scsi: qla2xxx: Fix broken #endif placement 2021-04-07 15:00:05 +02:00
qla_tmpl.c scsi: qla2xxx: Fix crash during driver load on big endian machines 2020-12-30 11:54:23 +01:00
qla_tmpl.h scsi: qla2xxx: Fix crash during driver load on big endian machines 2020-12-30 11:54:23 +01:00
qla_version.h SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
tcm_qla2xxx.c scsi: Revert "qla2xxx: Make sure that aborted commands are freed" 2021-03-30 14:32:07 +02:00
tcm_qla2xxx.h scsi: qla2xxx: deadlock by configfs_depend_item 2018-12-19 21:26:38 -05:00