leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d436de8ce2
linux/drivers
History
Martin Peschke d436de8ce2 [SCSI] zfcp: only access zfcp_scsi_dev for valid scsi_device 
__scsi_remove_device (e.g. due to dev_loss_tmo) calls
zfcp_scsi_slave_destroy which in turn sends a close LUN FSF request to
the adapter. After 30 seconds without response,
zfcp_erp_timeout_handler kicks the ERP thread failing the close LUN
ERP action. zfcp_erp_wait in zfcp_erp_lun_shutdown_wait and thus
zfcp_scsi_slave_destroy returns and then scsi_device is no longer
valid. Sometime later the response to the close LUN FSF request may
finally come in. However, commit
b62a8d9b45
"[SCSI] zfcp: Use SCSI device data zfcp_scsi_dev instead of zfcp_unit"
introduced a number of attempts to unconditionally access struct
zfcp_scsi_dev through struct scsi_device causing a use-after-free.
This leads to an Oops due to kernel page fault in one of:
zfcp_fsf_abort_fcp_command_handler, zfcp_fsf_open_lun_handler,
zfcp_fsf_close_lun_handler, zfcp_fsf_req_trace,
zfcp_fsf_fcp_handler_common.
Move dereferencing of zfcp private data zfcp_scsi_dev allocated in
scsi_device via scsi_transport_reserve_device after the check for
potentially aborted FSF request and thus no longer valid scsi_device.
Only then assign sdev_to_zfcp(sdev) to the local auto variable struct
zfcp_scsi_dev *zfcp_sdev.

Signed-off-by: Martin Peschke <mpeschke@linux.vnet.ibm.com>
Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org> #2.6.37+
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2012-09-24 12:11:02 +04:00
..
accessibility
acpi Power management fixes for 3.6-rc2 2012-08-12 21:34:09 +03:00
amba Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-07-27 15:14:26 -07:00
ata [SCSI] libsas, ipr: cleanup ata_host flags initialization via ata_host_init 2012-08-24 13:10:24 +04:00
atm drivers/atm/iphase.c: fix error return code 2012-08-06 13:29:57 -07:00
auxdisplay
base PM: Make dev_pm_get_subsys_data() always return 0 on success 2012-08-08 20:49:33 +02:00
bcma bcma: BCM43228 support 2012-08-02 13:51:46 -04:00
block drbd: nuke pdflush from comments 2012-08-04 12:15:39 +04:00
bluetooth Bluetooth: Introduce a flags variable to Three-wire UART state 2012-07-17 14:49:24 -03:00
cdrom
char Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux 2012-08-14 07:52:41 +03:00
clk clk: validate pointer in __clk_disable() 2012-07-30 17:25:13 -07:00
clocksource arm-soc: new SoC support 2012-07-23 16:31:31 -07:00
connector
cpufreq drivers/cpufreq/pcc-cpufreq.c: fix error return code 2012-08-08 20:49:25 +02:00
cpuidle Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-07-26 14:28:55 -07:00
crypto This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
dca
devfreq
dio
dma dma: tegra: enable/disable dma clock 2012-08-13 10:15:22 +05:30
edac Merge branch 'devel' 2012-07-29 21:11:05 -03:00
eisa
extcon MFD bits for the 3.6 merge window. 2012-07-30 12:41:17 -07:00
firewire - Small fixes and optimizations. 2012-07-30 09:32:39 -07:00
firmware This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
gpio GPIO: gpio-pxa: fix building without CONFIG_OF 2012-08-14 07:50:36 +03:00
gpu Merge branch 'drm-nouveau-fixes' of git://git.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes 2012-08-15 20:31:22 +10:00
hid Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-07-31 18:47:44 -07:00
hsi
hv This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
hwmon Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2012-07-30 10:10:26 -07:00
hwspinlock
i2c This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
ide
idle Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-07-26 14:28:55 -07:00
ieee802154
iio
infiniband Merge branches 'cma', 'ipoib', 'ocrdma' and 'qib' into for-next 2012-07-30 07:47:27 -07:00
input Input: eeti_ts: pass gpio value instead of IRQ 2012-08-09 15:16:41 +02:00
iommu iommu/amd: Fix ACS path checking 2012-08-06 18:10:04 +02:00
isdn mISDN: Bugfix for layer2 fixed TEI mode 2012-08-06 13:22:50 -07:00
leds leds: renesas: fix error handling 2012-08-13 14:34:02 +08:00
lguest
macintosh
md Additional md update for 3.6 2012-08-02 11:34:40 -07:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-07-31 18:47:44 -07:00
memory
memstick
message [SCSI] Fusion MPT: disable pci device when mpt map resoures failed 2012-09-14 17:59:29 +01:00
mfd Merge branch 'testing/new-warnings' into fixes 2012-08-10 12:28:57 +02:00
misc Merge branch 'akpm' (Andrew's patch-bomb) 2012-07-30 17:25:34 -07:00
mmc Merge branch 'dmaengine' of git://git.linaro.org/people/rmk/linux-arm 2012-08-01 16:41:07 -07:00
mtd arm-soc: bug fixes for v3.6-rc2 2012-08-12 21:31:44 +03:00
net bnx2x: Fix compiler warnings 2012-08-12 13:42:18 -07:00
nfc
nubus
of Devicetree updates for 3.6 2012-07-24 14:07:22 -07:00
oprofile
parisc PCI changes for the 3.6 merge window: 2012-07-24 16:17:07 -07:00
parport
pci PCI changes for the 3.6 merge window: 2012-07-24 16:17:07 -07:00
pcmcia Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-07-27 15:14:26 -07:00
pinctrl drivers/pinctrl/pinctrl-nomadik.c: drop devm_kfree of devm_kzalloc'd data 2012-08-07 14:34:12 +02:00
platform platform / x86 / PM: Fix unused function warnings for CONFIG_PM_SLEEP 2012-08-10 14:29:43 +02:00
pnp
power Merge branch 'for-linus-3.6' of git://dev.laptop.org/users/dilinger/linux-olpc 2012-08-02 11:52:39 -07:00
pps pps: return PTR_ERR on error in device_create 2012-07-30 17:25:21 -07:00
ps3
ptp
pwm pwm: pwm-tiehrpwm: PWM driver support for EHRPWM 2012-07-26 07:45:20 +02:00
rapidio
regulator regulator: Fix an s5m8767 build failure 2012-07-31 00:51:09 +02:00
remoteproc A batch of remoteproc patches for 3.6: 2012-07-26 16:19:08 -07:00
rpmsg A batch of remoteproc patches for 3.6: 2012-07-26 16:19:08 -07:00
rtc RTC: Avoid races between RTC alarm wakeup and suspend. 2012-08-08 20:49:16 +02:00
s390 [SCSI] zfcp: only access zfcp_scsi_dev for valid scsi_device 2012-09-24 12:11:02 +04:00
sbus
scsi [SCSI] Fix incorrect memset in bnx2fc_parse_fcp_rsp 2012-09-24 12:11:00 +04:00
sfi
sh sh: intc: Handle domain association for sparseirq pre-allocated vectors. 2012-08-09 13:21:05 +09:00
sn
spi spi/s3c64xx: improve error handling 2012-08-10 12:27:47 +02:00
ssb
staging Merge branch 'for-linus-3.6' of git://dev.laptop.org/users/dilinger/linux-olpc 2012-08-02 11:52:39 -07:00
target Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
tc
thermal The tag contains just a few battery-related changes for v3.6. It's is 2012-07-31 18:08:25 -07:00
tty serial: sh-sci: fix compilation breakage, when DMA is enabled 2012-08-01 13:48:54 +09:00
uio
usb arm-soc: bug fixes for v3.6-rc2 2012-08-12 21:31:44 +03:00
uwb
vfio vfio: Add PCI device driver 2012-07-31 08:16:24 -06:00
vhost tcm_vhost: Initial merge for vhost level target fabric driver 2012-07-29 13:49:10 -07:00
video fbdev updates for 3.6 2012-08-01 10:45:12 -07:00
virt
virtio [SCSI] virtio-scsi: Add vdrv->scan for post VIRTIO_CONFIG_S_DRIVER_OK LUN scanning 2012-07-20 08:59:03 +01:00
vlynq
vme VME: Prevent D16 cycles being split into 8-bit blocks 2012-07-19 15:39:39 -07:00
w1 Driver core merge for 3.6-rc1 2012-07-26 11:25:33 -07:00
watchdog ARM: arm-soc Marvell Orion device-tree updates 2012-08-02 11:50:24 -07:00
xen PCI changes for the 3.6 merge window: 2012-07-24 16:17:07 -07:00
zorro
Kconfig vfio: VFIO core 2012-07-31 08:16:22 -06:00
Makefile vfio: VFIO core 2012-07-31 08:16:22 -06:00