From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Nilesh Javali <njavali@marvell.com>,
Lee Duncan <lduncan@suse.com>, Chris Leech <cleech@redhat.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 56/60] scsi: qedi: Check targetname while finding boot target information
Date: Wed, 26 Jun 2019 20:36:11 -0400 [thread overview]
Message-ID: <20190627003616.20767-56-sashal@kernel.org> (raw)
In-Reply-To: <20190627003616.20767-1-sashal@kernel.org>
From: Nilesh Javali <njavali@marvell.com>
[ Upstream commit 1ac3549ed58cdfdaf43bbf31ac260e2381cc0dae ]
The kernel panic was observed during iSCSI discovery via offload with below
call trace,
[ 2115.646901] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 2115.646909] IP: [<ffffffffacf7f0cc>] strncmp+0xc/0x60
[ 2115.646927] PGD 0
[ 2115.646932] Oops: 0000 [#1] SMP
[ 2115.647107] CPU: 24 PID: 264 Comm: kworker/24:1 Kdump: loaded Tainted: G
OE ------------ 3.10.0-957.el7.x86_64 #1
[ 2115.647133] Workqueue: slowpath-13:00. qed_slowpath_task [qed]
[ 2115.647135] task: ffff8d66af80b0c0 ti: ffff8d66afb80000 task.ti: ffff8d66afb80000
[ 2115.647136] RIP: 0010:[<ffffffffacf7f0cc>] [<ffffffffacf7f0cc>] strncmp+0xc/0x60
[ 2115.647141] RSP: 0018:ffff8d66afb83c68 EFLAGS: 00010206
[ 2115.647143] RAX: 0000000000000001 RBX: 0000000000000007 RCX: 000000000000000a
[ 2115.647144] RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffff8d632b3ba040
[ 2115.647145] RBP: ffff8d66afb83c68 R08: 0000000000000000 R09: 000000000000ffff
[ 2115.647147] R10: 0000000000000007 R11: 0000000000000800 R12: ffff8d66a30007a0
[ 2115.647148] R13: ffff8d66747a3c10 R14: ffff8d632b3ba000 R15: ffff8d66747a32f8
[ 2115.647149] FS: 0000000000000000(0000) GS:ffff8d66aff00000(0000) knlGS:0000000000000000
[ 2115.647151] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2115.647152] CR2: 0000000000000000 CR3: 0000000509610000 CR4: 00000000007607e0
[ 2115.647153] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2115.647154] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2115.647155] PKRU: 00000000
[ 2115.647157] Call Trace:
[ 2115.647165] [<ffffffffc0634cc5>] qedi_get_protocol_tlv_data+0x2c5/0x510 [qedi]
[ 2115.647184] [<ffffffffc05968f5>] ? qed_mfw_process_tlv_req+0x245/0xbe0 [qed]
[ 2115.647195] [<ffffffffc05496cb>] qed_mfw_fill_tlv_data+0x4b/0xb0 [qed]
[ 2115.647206] [<ffffffffc0596911>] qed_mfw_process_tlv_req+0x261/0xbe0 [qed]
[ 2115.647215] [<ffffffffacce0e8e>] ? dequeue_task_fair+0x41e/0x660
[ 2115.647221] [<ffffffffacc2a59e>] ? __switch_to+0xce/0x580
[ 2115.647230] [<ffffffffc0546013>] qed_slowpath_task+0xa3/0x160 [qed]
[ 2115.647278] RIP [<ffffffffacf7f0cc>] strncmp+0xc/0x60
Fix kernel panic by validating the session targetname before providing TLV
data and confirming the presence of boot targets.
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Reviewed-by: Lee Duncan <lduncan@suse.com>
Reviewed-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qedi/qedi_main.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index 4de740da547b..763c7628356b 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -955,6 +955,9 @@ static int qedi_find_boot_info(struct qedi_ctx *qedi,
if (!iscsi_is_session_online(cls_sess))
continue;
+ if (!sess->targetname)
+ continue;
+
if (pri_ctrl_flags) {
if (!strcmp(pri_tgt->iscsi_name, sess->targetname) &&
!strcmp(pri_tgt->ip_addr, ep_ip_addr)) {
--
2.20.1
next prev parent reply other threads:[~2019-06-27 0:39 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-27 0:35 [PATCH AUTOSEL 4.19 01/60] soc: brcmstb: Fix error path for unsupported CPUs Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 02/60] soc: bcm: brcmstb: biuctrl: Register writes require a barrier Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 03/60] Input: elantech - enable middle button support on 2 ThinkPads Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 04/60] samples, bpf: fix to change the buffer size for read() Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 05/60] samples, bpf: suppress compiler warning Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 06/60] mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 07/60] bpf: sockmap, fix use after free from sleep in psock backlog workqueue Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 08/60] soundwire: stream: fix out of boundary access on port properties Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 09/60] staging:iio:ad7150: fix threshold mode config bit Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 10/60] iio: temperature: mlx90632 Relax the compatibility check Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 11/60] mac80211: mesh: fix RCU warning Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 12/60] mac80211: free peer keys before vif down in mesh Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 13/60] mwifiex: Fix possible buffer overflows at parsing bss descriptor Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 14/60] mwifiex: Abort at too short BSS descriptor element Sasha Levin
2019-06-28 22:58 ` Brian Norris
2019-07-10 14:51 ` Sasha Levin
2019-07-10 21:12 ` Brian Norris
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 15/60] iwlwifi: Fix double-free problems in iwl_req_fw_callback() Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 16/60] mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 17/60] bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 18/60] netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 19/60] soundwire: intel: set dai min and max channels correctly Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 20/60] netfilter: ipv6: nf_defrag: accept duplicate fragments again Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 21/60] dt-bindings: can: mcp251x: add mcp25625 support Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 22/60] can: mcp251x: add support for mcp25625 Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 23/60] can: m_can: implement errata "Needless activation of MRAF irq" Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 24/60] can: af_can: Fix error path of can_init() Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 25/60] net: phy: rename Asix Electronics PHY driver Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 26/60] ibmvnic: Do not close unopened driver during reset Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 27/60] ibmvnic: Refresh device multicast list after reset Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 28/60] ibmvnic: Fix unchecked return codes of memory allocations Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 29/60] ARM: dts: am335x phytec boards: Fix cd-gpios active level Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 30/60] s390/boot: disable address-of-packed-member warning Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 31/60] bpf: lpm_trie: check left child of last leftmost node for NULL Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 32/60] drm/vmwgfx: Honor the sg list segment size limitation Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 33/60] drm/vmwgfx: fix a warning due to missing dma_parms Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 34/60] riscv: Fix udelay in RV32 Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 35/60] Input: imx_keypad - make sure keyboard can always wake up system Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 36/60] KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 37/60] mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 38/60] ARM: davinci: da850-evm: call regulator_has_full_constraints() Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 39/60] ARM: davinci: da8xx: specify dma_coherent_mask for lcdc Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 40/60] mac80211: only warn once on chanctx_conf being NULL Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 41/60] mac80211: do not start any work during reconfigure flow Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 42/60] bpf, devmap: Fix premature entry free on destroying map Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 43/60] bpf, devmap: Add missing bulk queue free Sasha Levin
2019-06-27 0:35 ` [PATCH AUTOSEL 4.19 44/60] bpf, devmap: Add missing RCU read lock on flush Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 45/60] bpf, x64: fix stack layout of JITed bpf code Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 46/60] qmi_wwan: add support for QMAP padding in the RX path Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 47/60] qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 48/60] qmi_wwan: extend permitted QMAP mux_id value range Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 49/60] bpf: fix nested bpf tracepoints with per-cpu data Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 50/60] mmc: core: complete HS400 before checking status Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 51/60] md: fix for divide error in status_resync Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 52/60] bnx2x: Check if transceiver implements DDM before access Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 53/60] drm: return -EFAULT if copy_to_user() fails Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 54/60] ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 55/60] net: lio_core: fix potential sign-extension overflow on large shift Sasha Levin
2019-06-27 0:36 ` Sasha Levin [this message]
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 57/60] quota: fix a problem about transfer quota Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 58/60] net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 59/60] NFS4: Only set creation opendata if O_CREAT Sasha Levin
2019-06-27 0:36 ` [PATCH AUTOSEL 4.19 60/60] net :sunrpc :clnt :Fix xps refcount imbalance on the error path Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190627003616.20767-56-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=cleech@redhat.com \
--cc=lduncan@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=njavali@marvell.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox