From: Bart Van Assche <bvanassche-HInyCGIudOg@public.gmane.org>
To: Roland Dreier <roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: Sagi Grimberg <sagig-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Vu Pham <vuhuong-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
David Dillow <dave-i1Mk8JYDVaaSihdK6806/g@public.gmane.org>,
Sebastian Parschauer
<sebastian.riemer-EIkl63zCoXaH+58JC4qpiA@public.gmane.org>,
linux-rdma <linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: [PATCH v2 1/9] IB/srp: Fix a sporadic crash triggered by cable pulling
Date: Tue, 13 May 2014 16:39:13 +0200 [thread overview]
Message-ID: <53722E91.20902@acm.org> (raw)
In-Reply-To: <53722E4F.7070709-HInyCGIudOg@public.gmane.org>
Avoid that srp_finish_req() can encounter a pointer to a SCSI command
in req->scmnd that is no longer associated with that request. If the
function srp_finish_req() is invoked twice for a SCSI command that is
not in flight then that would cause srp_unmap_data() to try to invoke
ib_fmr_pool_unmap() with an invalid pointer as argument, resulting in
a kernel oops.
Reported by: Sagi Grimberg <sagig-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Reference: http://thread.gmane.org/gmane.linux.drivers.rdma/19068/focus=19069
Signed-off-by: Bart Van Assche <bvanassche-HInyCGIudOg@public.gmane.org>
Cc: Roland Dreier <roland-BHEL68pLQRGGvPXPguhicg@public.gmane.org>
Cc: David Dillow <dave-i1Mk8JYDVaaSihdK6806/g@public.gmane.org>
Cc: Sagi Grimberg <sagig-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: Vu Pham <vu-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: Sebastian Parschauer <sebastian.riemer-EIkl63zCoXaH+58JC4qpiA@public.gmane.org>
Cc: stable <stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> # 3.13+ ("IB/srp: Use SRP transport layer error recovery")
---
drivers/infiniband/ulp/srp/ib_srp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index 66a908b..427336a 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -1594,6 +1594,8 @@ err_unmap:
err_iu:
srp_put_tx_iu(target, iu, SRP_IU_CMD);
+ req->scmnd = NULL; /* for srp_finish_req() */
+
spin_lock_irqsave(&target->lock, flags);
list_add(&req->list, &target->free_reqs);
--
1.8.4.5
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2014-05-13 14:39 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-13 14:38 [PATCH v2 0/9] SRP initiator patches for kernel 3.16 Bart Van Assche
[not found] ` <53722E4F.7070709-HInyCGIudOg@public.gmane.org>
2014-05-13 14:39 ` Bart Van Assche [this message]
2014-05-13 14:40 ` [PATCH v2 2/9] IB/srp: Fix kernel-doc warnings Bart Van Assche
2014-05-13 14:40 ` [PATCH v2 3/9] IB/srp: Introduce an additional local variable Bart Van Assche
2014-05-13 14:41 ` [PATCH v2 4/9] IB/srp: Introduce srp_map_fmr() Bart Van Assche
2014-05-13 14:41 ` [PATCH v2 5/9] IB/srp: Introduce srp_finish_mapping() Bart Van Assche
2014-05-13 14:42 ` [PATCH v2 6/9] IB/srp: Introduce the 'register_always' kernel module parameter Bart Van Assche
2014-05-13 14:43 ` [PATCH v2 7/9] IB/srp: One FMR pool per SRP connection Bart Van Assche
2014-05-13 14:44 ` [PATCH v2 8/9] IB/srp: Rename FMR-related variables Bart Van Assche
2014-05-13 14:44 ` [PATCH v2 9/9] IB/srp: Add fast registration support Bart Van Assche
[not found] ` <53722FE2.4010808-HInyCGIudOg@public.gmane.org>
2014-05-13 16:48 ` Sagi Grimberg
[not found] ` <53724CC9.6080509-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2014-05-14 7:05 ` Bart Van Assche
[not found] ` <537315CC.1090001-HInyCGIudOg@public.gmane.org>
2014-05-14 8:18 ` Sagi Grimberg
[not found] ` <537326BF.3010706-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2014-05-14 8:51 ` Bart Van Assche
[not found] ` <53732EAE.9010207-HInyCGIudOg@public.gmane.org>
2014-05-14 10:13 ` Sagi Grimberg
2014-05-13 16:50 ` [PATCH v2 0/9] SRP initiator patches for kernel 3.16 Sagi Grimberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53722E91.20902@acm.org \
--to=bvanassche-hinycgiudog@public.gmane.org \
--cc=dave-i1Mk8JYDVaaSihdK6806/g@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=sagig-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=sebastian.riemer-EIkl63zCoXaH+58JC4qpiA@public.gmane.org \
--cc=vuhuong-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.