AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-03 04:46:56 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
7fd29aa920
linux_dsm_epyc7002/drivers
History
Nicholas Bellinger 7fd29aa920 target: Fix transport_get_lun_for_tmr failure cases 
This patch fixes two possible NULL pointer dereferences in target v4.0
code where se_tmr release path in core_tmr_release_req() can OOPs upon
transport_get_lun_for_tmr() failure by attempting to access se_device or
se_tmr->tmr_list without a valid member of se_device->tmr_list during
transport_free_se_cmd() release.  This patch moves the se_tmr->tmr_dev
pointer assignment in transport_get_lun_for_tmr() until after possible
-ENODEV failures during unpacked_lun lookup.

This addresses an OOPs originally reported with LIO v4.1 upstream on
.39 code here:

    TARGET_CORE[qla2xxx]: Detected NON_EXISTENT_LUN Access for 0x00000000
    BUG: unable to handle kernel NULL pointer dereference at 0000000000000550
    IP: [<ffffffff81035ec4>] __ticket_spin_trylock+0x4/0x20
    PGD 0
    Oops: 0000 [#1] SMP
    last sysfs file: /sys/devices/system/cpu/cpu23/cache/index2/shared_cpu_map
    CPU 1
    Modules linked in: netconsole target_core_pscsi target_core_file
tcm_qla2xxx target_core_iblock tcm_loop target_core_mod configfs
ipmi_devintf ipmi_si ipmi_msghandler serio_raw i7core_edac ioatdma dca
edac_core ps_bdrv ses enclosure usbhid usb_storage ahci qla2xxx hid
uas e1000e mpt2sas libahci mlx4_core scsi_transport_fc
scsi_transport_sas raid_class scsi_tgt [last unloaded: netconsole]

    Pid: 0, comm: kworker/0:0 Tainted: G        W   2.6.39+ #1 Xyratex Storage Server
    RIP: 0010:[<ffffffff81035ec4>] [<ffffffff81035ec4>]__ticket_spin_trylock+0x4/0x20
    RSP: 0018:ffff88063e803c08  EFLAGS: 00010286
    RAX: ffff880619ab45e0 RBX: 0000000000000550 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000550
    RBP: ffff88063e803c08 R08: 0000000000000002 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000568
    R13: 0000000000000001 R14: 0000000000000000 R15: ffff88060cd96a20
    FS:  0000000000000000(0000) GS:ffff88063e800000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: 0000000000000550 CR3: 0000000001a03000 CR4: 00000000000006e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Process kworker/0:0 (pid: 0, threadinfo ffff880619ab8000, task ffff880619ab45e0)
    Stack:
     ffff88063e803c28 ffffffff812cf039 0000000000000550 0000000000000568
     ffff88063e803c58 ffffffff8157071e ffffffffa028a1dc ffff88060f7e4600
     0000000000000550 ffff880616961480 ffff88063e803c78 ffffffffa028a1dc
    Call Trace:
<IRQ>
     [<ffffffff812cf039>] do_raw_spin_trylock+0x19/0x50
     [<ffffffff8157071e>] _raw_spin_lock+0x3e/0x70
     [<ffffffffa028a1dc>] ? core_tmr_release_req+0x2c/0x60 [target_core_mod]
     [<ffffffffa028a1dc>] core_tmr_release_req+0x2c/0x60 [target_core_mod]
     [<ffffffffa028d0d2>] transport_free_se_cmd+0x22/0x50 [target_core_mod]
     [<ffffffffa028d120>] transport_release_cmd_to_pool+0x20/0x40 [target_core_mod]
     [<ffffffffa028e525>] transport_generic_free_cmd+0xa5/0xb0 [target_core_mod]
     [<ffffffffa0147cc4>] tcm_qla2xxx_handle_tmr+0xc4/0xd0 [tcm_qla2xxx]
     [<ffffffffa0191ba3>] __qla24xx_handle_abts+0xd3/0x150 [qla2xxx]
     [<ffffffffa0197651>] qla_tgt_response_pkt+0x171/0x520 [qla2xxx]
     [<ffffffffa0197a2d>] qla_tgt_response_pkt_all_vps+0x2d/0x220 [qla2xxx]
     [<ffffffffa0171dd3>] qla24xx_process_response_queue+0x1a3/0x670 [qla2xxx]
     [<ffffffffa0196281>] ? qla24xx_atio_pkt+0x81/0x120 [qla2xxx]
     [<ffffffffa0174025>] ? qla24xx_msix_default+0x45/0x2a0 [qla2xxx]
     [<ffffffffa0174198>] qla24xx_msix_default+0x1b8/0x2a0 [qla2xxx]
     [<ffffffff810dadb4>] handle_irq_event_percpu+0x54/0x210
     [<ffffffff810dafb8>] handle_irq_event+0x48/0x70
     [<ffffffff810dd5ee>] ? handle_edge_irq+0x1e/0x110
     [<ffffffff810dd647>] handle_edge_irq+0x77/0x110
     [<ffffffff8100d362>] handle_irq+0x22/0x40
     [<ffffffff8157b28d>] do_IRQ+0x5d/0xe0
     [<ffffffff81571413>] common_interrupt+0x13/0x13
<EOI>
     [<ffffffff813003f7>] ? intel_idle+0xd7/0x130
     [<ffffffff813003f0>] ? intel_idle+0xd0/0x130
     [<ffffffff8144832b>] cpuidle_idle_call+0xab/0x1c0
     [<ffffffff8100a26b>] cpu_idle+0xab/0xf0
     [<ffffffff81566c59>] start_secondary+0x1cb/0x1d2

Reported-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-06-23 23:59:45 +00:00
..
accessibility
acpi Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2011-05-29 11:19:16 -07:00
amba ARM: 6829/1: amba: make hardcoded periphid override hardware 2011-05-26 10:33:34 +01:00
ata libata: fix unexpectedly frozen port after ata_eh_reset() 2011-06-07 15:55:55 -04:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
auxdisplay
base PM / Runtime: Fix loops in pm_runtime_clk_notify() 2011-06-07 23:34:58 +02:00
bcma drivers/bcma/host_pci.c needs slab.h 2011-05-26 17:12:32 -07:00
block Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2011-06-04 08:11:26 +09:00
bluetooth Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into for-davem 2011-06-17 12:40:36 -04:00
cdrom block: fix mismerge of the DISK_EVENT_MEDIA_CHANGE removal 2011-06-02 05:29:19 +09:00
char drivers/char/hpet.c: fix periodic-emulation for delayed interrupts 2011-06-15 20:04:02 -07:00
clk
clocksource Revert "clocksource: sh_cmt: Runtime PM support" 2011-05-31 15:26:42 +09:00
connector
cpufreq [CPUFREQ] powernow-k8: Don't try to transition if the pstate is incorrect 2011-06-16 16:31:13 -04:00
cpuidle Merge branch 'idle-release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6 2011-05-29 11:18:09 -07:00
crypto [S390] ap: skip device registration on type probe failure 2011-05-23 10:24:29 +02:00
dca
dio
dma dmaengine: shdma: SH_DMAC_MAX_CHANNELS message fix 2011-06-14 15:03:07 +09:00
edac edac,rcu: use synchronize_rcu() instead of call_rcu()+rcu_barrier() 2011-05-26 17:12:37 -07:00
eisa
firewire
firmware iscsi_ibft: iscsi_ibft_find unused variable i 2011-06-09 09:05:12 -04:00
gpio gpio/omap4: Fix missing interrupts during device wakeup due to IOPAD. 2011-06-16 08:40:43 -06:00
gpu drm/radeon/kms/r6xx+: voltage fixes 2011-06-21 09:38:25 +10:00
hid Revert "HID: magicmouse: ignore 'ivalid report id' while switching modes" 2011-06-16 12:21:34 +02:00
hwmon hwmon: (s3c) Initialize sysfs attributes 2011-06-17 23:22:27 -07:00
hwspinlock
i2c mfd: Use mfd cell platform_data for timberdale cells platform bits 2011-05-26 19:45:05 +02:00
ide ide-cd: signedness warning fix again 2011-06-11 15:06:48 -07:00
idle
ieee802154
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2011-05-26 12:13:57 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2011-06-20 08:59:46 -07:00
isdn gigaset: call module_put before restart of if_open() 2011-06-17 15:27:32 -04:00
leds leds: fix the incorrect display in menuconfig 2011-06-15 20:04:01 -07:00
lguest
macintosh Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-05-23 09:12:26 -07:00
mca
md md/raid5: remove unusual use of bio_iovec_idx() 2011-06-14 14:23:57 +10:00
media Merge branch 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 2011-06-09 13:09:07 -07:00
memstick
message Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-05-23 09:12:26 -07:00
mfd mfd: Fix build breakage caused by tps65910 gpio directory move 2011-05-28 08:38:55 +02:00
misc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2011-06-20 20:10:18 -07:00
mmc Merge branch 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm 2011-06-15 22:01:36 -07:00
mtd Merge git://git.infradead.org/mtd-2.6 2011-05-27 20:06:53 -07:00
net pxa168_eth: fix race in transmit path. 2011-06-20 14:02:07 -07:00
nfc
nubus
of Merge branch 'devicetree/arm-next' of git://git.secretlab.ca/git/linux-2.6 into devel-stable 2011-05-25 00:08:17 +01:00
oprofile oprofile: Fix locking dependency in sync_start() 2011-05-31 16:33:34 +02:00
parisc
parport Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-26 13:19:00 -07:00
pci Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2011-06-14 11:25:32 -07:00
pcmcia gpio: include linux/gpio.h where needed 2011-06-16 08:40:44 -06:00
platform Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mjg59/platform-drivers-x86 2011-05-29 11:44:33 -07:00
pnp
power Merge git://git.infradead.org/battery-2.6 2011-05-27 10:12:35 -07:00
pps
ps3
ptp ptp: Fix some locking bugs in ptp_read() 2011-06-01 19:29:10 -07:00
rapidio
regulator regulator: Fix _regulator_get_voltage if get_voltage callback is NULL 2011-05-27 10:49:30 +01:00
rtc Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-06-13 10:47:04 -07:00
s390 [S390] qdio: Split SBAL entry flags 2011-06-06 14:14:56 +02:00
sbus
scsi [SCSI] Fix oops caused by queue refcounting failure 2011-06-02 18:34:43 +09:00
sfi
sh drivers: sh: resume enabled clocks fix 2011-06-14 15:15:25 +09:00
sn
spi spi/bfin_spi: fix handling of default bits per word setting 2011-06-17 08:27:27 -06:00
ssb ssb: fix PCI(e) driver regression causing oops on PCI cards 2011-06-03 14:19:49 -04:00
staging staging: fix iio builds when IIO_RING_BUFFER is not enabled 2011-06-16 08:29:00 -07:00
target target: Fix transport_get_lun_for_tmr failure cases 2011-06-23 23:59:45 +00:00
tc
telephony
thermal
tty drivers/tty/serial/pch_uart.c: don't oops if dmi_get_system_info returns NULL 2011-06-15 20:04:02 -07:00
uio
usb USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver 2011-06-08 13:48:30 -07:00
uwb
vhost vhost: support event index 2011-05-30 11:14:15 +09:30
video Merge branch 'fbdev-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/fbdev-3.x 2011-06-16 09:45:47 -07:00
virtio virtio: add api for delayed callbacks 2011-05-30 11:14:16 +09:30
vlynq
w1 w1: W1_MASTER_DS1WM should depend on GENERIC_HARDIRQS 2011-06-15 20:04:00 -07:00
watchdog mfd: Use mfd cell platform_data for rdc321x cells platform bits 2011-05-26 19:45:06 +02:00
xen Merge branch 'stable/bug.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen 2011-06-20 09:01:33 -07:00
zorro
Kconfig ptp: Added a brand new class driver for ptp clocks. 2011-05-23 13:01:00 -07:00
Makefile Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx 2011-05-28 12:35:15 -07:00