From: Bart Van Assche <bvanassche-HInyCGIudOg@public.gmane.org>
To: Roland Dreier <roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: Sagi Grimberg <sagig-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Vu Pham <vu-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Sebastian Parschauer
<sebastian.riemer-EIkl63zCoXaH+58JC4qpiA@public.gmane.org>,
David Dillow <dave-i1Mk8JYDVaaSihdK6806/g@public.gmane.org>,
linux-rdma <linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: [PATCH v4 1/9] IB/srp: Fix a sporadic crash triggered by cable pulling
Date: Tue, 20 May 2014 15:03:49 +0200
Message-ID: <537B52B5.5060201@acm.org>
In-Reply-To: <537B5286.1060504-HInyCGIudOg@public.gmane.org>
Avoid that the loops that iterate over the request ring can
encounter a pointer to a SCSI command in req->scmnd that is
no longer associated with that request. If the function
srp_unmap_data() is invoked twice for a SCSI command that is
not in flight then that would cause ib_fmr_pool_unmap() to
be invoked with an invalid pointer as argument, resulting in
a kernel oops.
Reported-by: Sagi Grimberg <sagig-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Reference: http://thread.gmane.org/gmane.linux.drivers.rdma/19068/focus=19069
Signed-off-by: Bart Van Assche <bvanassche-HInyCGIudOg@public.gmane.org>
Reviewed-by: Sagi Grimberg <sagig-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: Roland Dreier <roland-BHEL68pLQRGGvPXPguhicg@public.gmane.org>
Cc: David Dillow <dave-i1Mk8JYDVaaSihdK6806/g@public.gmane.org>
Cc: Vu Pham <vu-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: Sebastian Parschauer <sebastian.riemer-EIkl63zCoXaH+58JC4qpiA@public.gmane.org>
Cc: stable <stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
---
drivers/infiniband/ulp/srp/ib_srp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index 66a908b..5b2bed8 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -1594,6 +1594,12 @@ err_unmap:
err_iu:
srp_put_tx_iu(target, iu, SRP_IU_CMD);
+ /*
+ * Avoid that the loops that iterate over the request ring can
+ * encounter a dangling SCSI command pointer.
+ */
+ req->scmnd = NULL;
+
spin_lock_irqsave(&target->lock, flags);
list_add(&req->list, &target->free_reqs);
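Review bot: The new `req->scmnd = NULL;` store in the err_iu path sits before `spin_lock_irqsave(&target->lock, flags)`, so it is not covered by target->lock. If the loops over the request ring that the comment mentions can run concurrently with this error path, consider moving the assignment under the lock, just before `list_add(&req->list, &target->free_reqs)`, or state in the comment why the unlocked store is safe. The comment could also name the consequence given in the commit message (a second srp_unmap_data() call for a command that is not in flight), so a later reader sees why the pointer has to be cleared at this point.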
--
1.8.4.5