linux-hardened/drivers/scsi/qla2xxx
Chuck Anderson 36eb8ff672 scsi: qla2xxx: Fix NULL pointer dereference for fcport search
The crash dump shows the following backtrace:

crash> bt
PID: 0      TASK: ffffffffbe412480  CPU: 0   COMMAND: "swapper/0"
 #0 [ffff891ee0003868] machine_kexec at ffffffffbd063ef1
 #1 [ffff891ee00038c8] __crash_kexec at ffffffffbd12b6f2
 #2 [ffff891ee0003998] crash_kexec at ffffffffbd12c84c
 #3 [ffff891ee00039b8] oops_end at ffffffffbd030f0a
 #4 [ffff891ee00039e0] no_context at ffffffffbd074643
 #5 [ffff891ee0003a40] __bad_area_nosemaphore at ffffffffbd07496e
 #6 [ffff891ee0003a90] bad_area_nosemaphore at ffffffffbd074a64
 #7 [ffff891ee0003aa0] __do_page_fault at ffffffffbd074b0a
 #8 [ffff891ee0003b18] do_page_fault at ffffffffbd074fc8
 #9 [ffff891ee0003b50] page_fault at ffffffffbda01925
    [exception RIP: qlt_schedule_sess_for_deletion+15]
    RIP: ffffffffc02e526f  RSP: ffff891ee0003c08  RFLAGS: 00010046
    RAX: 0000000000000000  RBX: 0000000000000000  RCX: ffffffffc0307847
    RDX: 00000000000020e6  RSI: ffff891edbc377c8  RDI: 0000000000000000
    RBP: ffff891ee0003c18   R8: ffffffffc02f0b20   R9: 0000000000000250
    R10: 0000000000000258  R11: 000000000000b780  R12: ffff891ed9b43000
    R13: 00000000000000f0  R14: 0000000000000006  R15: ffff891edbc377c8
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #10 [ffff891ee0003c20] qla2x00_fcport_event_handler at ffffffffc02853d3 [qla2xxx]
 #11 [ffff891ee0003cf0] __dta_qla24xx_async_gnl_sp_done_333 at ffffffffc0285a1d [qla2xxx]
 #12 [ffff891ee0003de8] qla24xx_process_response_queue at ffffffffc02a2eb5 [qla2xxx]
 #13 [ffff891ee0003e88] qla24xx_msix_rsp_q at ffffffffc02a5403 [qla2xxx]
 #14 [ffff891ee0003ec0] __handle_irq_event_percpu at ffffffffbd0f4c59
 #15 [ffff891ee0003f10] handle_irq_event_percpu at ffffffffbd0f4e02
 #16 [ffff891ee0003f40] handle_irq_event at ffffffffbd0f4e90
 #17 [ffff891ee0003f68] handle_edge_irq at ffffffffbd0f8984
 #18 [ffff891ee0003f88] handle_irq at ffffffffbd0305d5
 #19 [ffff891ee0003fb8] do_IRQ at ffffffffbda02a18
 --- <IRQ stack> ---
 #20 [ffffffffbe403d30] ret_from_intr at ffffffffbda0094e
    [exception RIP: unknown or invalid address]
    RIP: 000000000000001f  RSP: 0000000000000000  RFLAGS: fff3b8c2091ebb3f
    RAX: ffffbba5a0000200  RBX: 0000be8cdfa8f9fa  RCX: 0000000000000018
    RDX: 0000000000000101  RSI: 000000000000015d  RDI: 0000000000000193
    RBP: 0000000000000083   R8: ffffffffbe403e38   R9: 0000000000000002
    R10: 0000000000000000  R11: ffffffffbe56b820  R12: ffff891ee001cf00
    R13: ffffffffbd11c0a4  R14: ffffffffbe403d60  R15: 0000000000000001
    ORIG_RAX: ffff891ee0022ac0  CS: 0000  SS: ffffffffffffffb9
 bt: WARNING: possibly bogus exception frame
 #21 [ffffffffbe403dd8] cpuidle_enter_state at ffffffffbd67c6fd
 #22 [ffffffffbe403e40] cpuidle_enter at ffffffffbd67c907
 #23 [ffffffffbe403e50] call_cpuidle at ffffffffbd0d98f3
 #24 [ffffffffbe403e60] do_idle at ffffffffbd0d9b42
 #25 [ffffffffbe403e98] cpu_startup_entry at ffffffffbd0d9da3
 #26 [ffffffffbe403ec0] rest_init at ffffffffbd81d4aa
 #27 [ffffffffbe403ed0] start_kernel at ffffffffbe67d2ca
 #28 [ffffffffbe403f28] x86_64_start_reservations at ffffffffbe67c675
 #29 [ffffffffbe403f38] x86_64_start_kernel at ffffffffbe67c6eb
 #30 [ffffffffbe403f50] secondary_startup_64 at ffffffffbd0000d5

Fixes: 040036bb0b ("scsi: qla2xxx: Delay loop id allocation at login")
Cc: <stable@vger.kernel.org> # v4.17+
Signed-off-by: Chuck Anderson <chuck.anderson@oracle.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2018-07-10 22:25:03 -04:00
Kconfig scsi: qla2xxx: avoid unused-function warning 2017-07-01 17:14:58 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qla_attr.c scsi: qla2xxx: Use zeroing allocator rather than allocator/memset 2018-01-04 01:09:26 -05:00
qla_bsg.c scsi: qla2xxx: Use dma_pool_zalloc() 2018-02-22 20:28:43 -05:00
qla_bsg.h
qla_dbg.c Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
qla_dbg.h scsi: qla2xxx: Include Exchange offload/Extended Login into FW dump 2017-06-27 21:21:41 -04:00
qla_def.h scsi: qla2xxx: Fix inconsistent DMA mem alloc/free 2018-07-10 22:25:02 -04:00
qla_devtbl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qla_dfs.c scsi: qla2xxx: Add XCB counters to debugfs 2018-01-22 20:03:54 -05:00
qla_fw.h scsi: qla2xxx: Fix session cleanup for N2N 2018-01-03 23:41:06 -05:00
qla_gbl.h scsi: qla2xxx: Move GPSC and GFPNID out of session management 2018-05-08 00:46:11 -04:00
qla_gs.c scsi: qla2xxx: Fix inconsistent DMA mem alloc/free 2018-07-10 22:25:02 -04:00
qla_init.c scsi: qla2xxx: Fix NULL pointer dereference for fcport search 2018-07-10 22:25:03 -04:00
qla_inline.h scsi: qla2xxx: Fix race condition between iocb timeout and initialisation 2018-04-09 21:04:36 -04:00
qla_iocb.c scsi: qla2xxx: Fix race condition between iocb timeout and initialisation 2018-04-09 21:04:36 -04:00
qla_isr.c SCSI fixes on 20180613 2018-06-14 16:35:32 +09:00
qla_mbx.c scsi: qla2xxx: Fix crash on qla2x00_mailbox_command 2018-06-07 21:50:00 -04:00
qla_mid.c scsi: qla2xxx: Fix race condition between iocb timeout and initialisation 2018-04-09 21:04:36 -04:00
qla_mr.c scsi: qla2xxx: Fix race condition between iocb timeout and initialisation 2018-04-09 21:04:36 -04:00
qla_mr.h
qla_nvme.c scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling 2018-03-21 18:38:54 -04:00
qla_nvme.h scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset 2018-03-21 18:38:54 -04:00
qla_nx.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
qla_nx.h scsi: qla2xxx: remove writeq/readq function definitions 2017-06-12 20:48:08 -04:00
qla_nx2.c scsi: qla2xxx: Fix function argument descriptions 2018-02-12 11:43:25 -05:00
qla_nx2.h scsi: qla2xxx: Remove unused symbols 2018-02-12 11:43:24 -05:00
qla_os.c scsi: qla2xxx: Fix kernel crash due to late workqueue allocation 2018-07-10 22:25:02 -04:00
qla_settings.h
qla_sup.c scsi: qla2xxx: Fix function argument descriptions 2018-02-12 11:43:25 -05:00
qla_target.c scsi: qla2xxx: Spinlock recursion in qla_target 2018-06-18 21:02:52 -04:00
qla_target.h scsi: qla2xxx: Fix TMF and Multi-Queue config 2018-05-08 00:46:12 -04:00
qla_tmpl.c scsi: qla2xxx: Fix Firmware dump size for Extended login and Exchange Offload 2018-01-03 23:41:05 -05:00
qla_tmpl.h
qla_version.h scsi: qla2xxx: Update driver version to 10.00.00.07-k 2018-05-08 00:46:12 -04:00
tcm_qla2xxx.c treewide: Use array_size() in vzalloc() 2018-06-12 16:19:22 -07:00
tcm_qla2xxx.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00