linux/drivers/scsi/qla2xxx
Quinn Tran 7b898542f6 qla2xxx: ABTS cause double free of qla_tgt_cmd +.
Fix double free problem within qla2xxx driver where
current code prematurely frees qla_tgt_cmd while firmware
still has the command.  When firmware releases the command
after abort, the code attempts a second free as part of
command completion processing.

When TCM starts the free process, a NULL pointer was hit.

------
WARNING: CPU: 8 PID: 43613 at lib/list_debug.c:62 __list_del_entry+0x82/0xd0()
list_del corruption. next->prev should be ffff88082b5cfb08, but was 6b6b6b6b6b6b6b6b
CPU: 8 PID: 43613 Comm: kworker/8:0 Tainted: GF       W  O 3.13.0-rc3-nab_t10dif+ #6
Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012
Workqueue: events cache_reap
000000000000003e ffff88081b2e3c78 ffffffff815a051f 000000000000003e
ffff88081b2e3cc8 ffff88081b2e3cb8 ffffffff8104fc2c 0000000000000000
ffff88082b5cfb00 ffff88081c788d00 ffff88082b5d7200 ffff88082b5d3080
Call Trace:
[<ffffffff815a051f>] dump_stack+0x49/0x62
[<ffffffff8104fc2c>] warn_slowpath_common+0x8c/0xc0
[<ffffffff8104fd16>] warn_slowpath_fmt+0x46/0x50
[<ffffffff812b6592>] __list_del_entry+0x82/0xd0
[<ffffffff8106d48c>] process_one_work+0x12c/0x510
[<ffffffff8106d4d3>] ? process_one_work+0x173/0x510
[<ffffffff8106ebdf>] worker_thread+0x11f/0x3a0
[<ffffffff8106eac0>] ? manage_workers+0x170/0x170
[<ffffffff81074f26>] kthread+0xf6/0x120
[<ffffffff8109f103>] ? __lock_release+0x133/0x1b0
[<ffffffff81074e30>] ? __init_kthread_worker+0x70/0x70
[<ffffffff815aec2c>] ret_from_fork+0x7c/0xb0
[<ffffffff81074e30>] ? __init_kthread_worker+0x70/0x70
---[ end trace dfc05c3f7caf8ebe ]---
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
IP: [<ffffffff8106d391>] process_one_work+0x31/0x510
-------

Signed-off-by: Quinn Tran <quinn.tran@qlogic.com>
Signed-off-by: Giridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: Saurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2014-05-19 13:31:05 +02:00
Kconfig [SCSI] qla2xxx: Update firmware link in Kconfig file. 2013-05-10 07:47:53 -07:00
Makefile [SCSI] qla2xxx: Add support for ISP2071. 2014-03-15 10:18:50 -07:00
qla_attr.c qla2xxx: Add MBC option for fast SFP data access. 2014-05-19 13:31:05 +02:00
qla_bsg.c qla2xxx: Change copyright year to 2014 in all the source files. 2014-05-19 13:31:02 +02:00
qla_bsg.h qla2xxx: Change copyright year to 2014 in all the source files. 2014-05-19 13:31:02 +02:00
qla_dbg.c qla2xxx: T10-Dif: add T10-PI support 2014-05-19 13:31:05 +02:00
qla_dbg.h qla2xxx: Change copyright year to 2014 in all the source files. 2014-05-19 13:31:02 +02:00
qla_def.h qla2xxx: T10-Dif: add T10-PI support 2014-05-19 13:31:05 +02:00
qla_devtbl.h [SCSI] qla2xxx: fix Kernel Panic with Qlogic 2472 Card. 2009-02-10 11:15:18 -05:00
qla_dfs.c qla2xxx: Change copyright year to 2014 in all the source files. 2014-05-19 13:31:02 +02:00
qla_fw.h qla2xxx: Remove mapped vp index iterator macro dead code. 2014-05-19 13:31:05 +02:00
qla_gbl.h qla2xxx: T10-Dif: add T10-PI support 2014-05-19 13:31:05 +02:00
qla_gs.c qla2xxx: Change copyright year to 2014 in all the source files. 2014-05-19 13:31:02 +02:00
qla_init.c qla2xxx: ISP27xx queue index shadow registers. 2014-05-19 13:31:04 +02:00
qla_inline.h qla2xxx: T10-Dif: add T10-PI support 2014-05-19 13:31:05 +02:00
qla_iocb.c qla2xxx: T10-Dif: add T10-PI support 2014-05-19 13:31:05 +02:00
qla_isr.c qla2xxx: T10-Dif: add T10-PI support 2014-05-19 13:31:05 +02:00
qla_mbx.c qla2xxx: ISP27xx queue index shadow registers. 2014-05-19 13:31:04 +02:00
qla_mid.c qla2xxx: Change copyright year to 2014 in all the source files. 2014-05-19 13:31:02 +02:00
qla_mr.c qla2xxx: Adjust adapter reset routine to the changes in firmware specification for ISPFx00. 2014-05-19 13:31:03 +02:00
qla_mr.h qla2xxx: Adjust adapter reset routine to the changes in firmware specification for ISPFx00. 2014-05-19 13:31:03 +02:00
qla_nx2.c qla2xxx: Check the QLA8044_CRB_DRV_ACTIVE_INDEX register when we are not the owner of the reset. 2014-05-19 13:31:04 +02:00
qla_nx2.h qla2xxx: Check the QLA8044_CRB_DRV_ACTIVE_INDEX register when we are not the owner of the reset. 2014-05-19 13:31:04 +02:00
qla_nx.c qla2xxx: Don't check for firmware hung during the reset context for ISP82XX. 2014-05-19 13:31:04 +02:00
qla_nx.h qla2xxx: Change copyright year to 2014 in all the source files. 2014-05-19 13:31:02 +02:00
qla_os.c qla2xxx: T10-Dif: add T10-PI support 2014-05-19 13:31:05 +02:00
qla_settings.h qla2xxx: Change copyright year to 2014 in all the source files. 2014-05-19 13:31:02 +02:00
qla_sup.c qla2xxx: Fix beacon blink logic for ISP26xx/83xx. 2014-05-19 13:31:05 +02:00
qla_target.c qla2xxx: ABTS cause double free of qla_tgt_cmd +. 2014-05-19 13:31:05 +02:00
qla_target.h qla2xxx: T10-Dif: add T10-PI support 2014-05-19 13:31:05 +02:00
qla_tmpl.c qla2xxx: ISP27xx queue index shadow registers. 2014-05-19 13:31:04 +02:00
qla_tmpl.h qla2xxx: ISP27xx firmware dump template spec updates (including T274). 2014-05-19 13:31:04 +02:00
qla_version.h qla2xxx: Change copyright year to 2014 in all the source files. 2014-05-19 13:31:02 +02:00
tcm_qla2xxx.c qla2xxx: T10-Dif: add T10-PI support 2014-05-19 13:31:05 +02:00
tcm_qla2xxx.h tcm_qla2xxx: Fix NAA formatted name for NPIV WWPNs 2014-02-20 13:01:17 -08:00