From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev, Quinn Tran <qutran@marvell.com>,
	Nilesh Javali <njavali@marvell.com>,
	"Martin K. Petersen" <martin.petersen@oracle.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 87/94] scsi: qla2xxx: Fix system crash due to bad pointer access
Date: Tue,  5 Dec 2023 12:17:55 +0900
Message-ID: <20231205031527.649643778@linuxfoundation.org>
In-Reply-To: <20231205031522.815119918@linuxfoundation.org>

5.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Quinn Tran <qutran@marvell.com>

[ Upstream commit 19597cad64d608aa8ac2f8aef50a50187a565223 ]

User experiences system crash when running AER error injection.  The
perturbation causes the abort-all-I/O path to trigger. The driver assumes
all I/O on this path is FCP only. If there is both NVMe & FCP traffic, a
system crash happens. Add additional check to see if I/O is FCP or not
before access.

PID: 999019  TASK: ff35d769f24722c0  CPU: 53  COMMAND: "kworker/53:1"
 0 [ff3f78b964847b58] machine_kexec at ffffffffae86973d
 1 [ff3f78b964847ba8] __crash_kexec at ffffffffae9be29d
 2 [ff3f78b964847c70] crash_kexec at ffffffffae9bf528
 3 [ff3f78b964847c78] oops_end at ffffffffae8282ab
 4 [ff3f78b964847c98] exc_page_fault at ffffffffaf2da502
 5 [ff3f78b964847cc0] asm_exc_page_fault at ffffffffaf400b62
   [exception RIP: qla2x00_abort_srb+444]
   RIP: ffffffffc07b5f8c  RSP: ff3f78b964847d78  RFLAGS: 00010046
   RAX: 0000000000000282  RBX: ff35d74a0195a200  RCX: ff35d76886fd03a0
   RDX: 0000000000000001  RSI: ffffffffc07c5ec8  RDI: ff35d74a0195a200
   RBP: ff35d76913d22080   R8: ff35d7694d103200   R9: ff35d7694d103200
   R10: 0000000100000000  R11: ffffffffb05d6630  R12: 0000000000010000
   R13: ff3f78b964847df8  R14: ff35d768d8754000  R15: ff35d768877248e0
   ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 6 [ff3f78b964847d70] qla2x00_abort_srb at ffffffffc07b5f84 [qla2xxx]
 7 [ff3f78b964847de0] __qla2x00_abort_all_cmds at ffffffffc07b6238 [qla2xxx]
 8 [ff3f78b964847e38] qla2x00_abort_all_cmds at ffffffffc07ba635 [qla2xxx]
 9 [ff3f78b964847e58] qla2x00_terminate_rport_io at ffffffffc08145eb [qla2xxx]
10 [ff3f78b964847e70] fc_terminate_rport_io at ffffffffc045987e [scsi_transport_fc]
11 [ff3f78b964847e88] process_one_work at ffffffffae914f15
12 [ff3f78b964847ed0] worker_thread at ffffffffae9154c0
13 [ff3f78b964847f10] kthread at ffffffffae91c456
14 [ff3f78b964847f50] ret_from_fork at ffffffffae8036ef

Cc: stable@vger.kernel.org
Fixes: f45bca8c5052 ("scsi: qla2xxx: Fix double scsi_done for abort path")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20231030064912.37912-1-njavali@marvell.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/qla2xxx/qla_os.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index eb6fb78ebefde..6da85ad96c9b8 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -1705,8 +1705,16 @@ static void qla2x00_abort_srb(struct qla_qpair *qp, srb_t *sp, const int res,
 		}
 
 		spin_lock_irqsave(qp->qp_lock_ptr, *flags);
-		if (ret_cmd && blk_mq_request_started(scsi_cmd_to_rq(cmd)))
-			sp->done(sp, res);
+		switch (sp->type) {
+		case SRB_SCSI_CMD:
+			if (ret_cmd && blk_mq_request_started(scsi_cmd_to_rq(cmd)))
+				sp->done(sp, res);
+			break;
+		default:
+			if (ret_cmd)
+				sp->done(sp, res);
+			break;
+		}
 	} else {
 		sp->done(sp, res);
 	}
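Review bot: the `default:` arm of the new `switch (sp->type)` completes every non-`SRB_SCSI_CMD` request with only `ret_cmd` as a guard, and nothing at that point says why the `blk_mq_request_started()` test is skipped there. A short comment at `default:` noting that `cmd` is only meaningful as a SCSI command for `SRB_SCSI_CMD` (the mixed NVMe and FCP case from the commit message) would record the intent for the next reader. The two arms also differ only in the request-started test, so a single condition such as `if (ret_cmd && (sp->type != SRB_SCSI_CMD || blk_mq_request_started(scsi_cmd_to_rq(cmd))))` would avoid the duplicated `sp->done(sp, res)` call if that form is preferred.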
-- 
2.42.0



