From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Bart Van Assche <bart.vanassche@sandisk.com>,
	Israel Rukshin <israelr@mellanox.com>,
	Max Gurtovoy <maxg@mellanox.com>,
	Laurence Oberman <loberman@redhat.com>,
	Steve Feeley <Steve.Feeley@sandisk.com>,
	Leon Romanovsky <leonro@mellanox.com>,
	Doug Ledford <dledford@redhat.com>
Subject: [PATCH 4.10 25/75] IB/srp: Avoid that duplicate responses trigger a kernel bug
Date: Mon, 13 Mar 2017 16:43:34 +0800
Message-ID: <20170313083412.762619873@linuxfoundation.org>
In-Reply-To: <20170313083411.408297387@linuxfoundation.org>

4.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bart Van Assche <bart.vanassche@sandisk.com>

commit 6cb72bc1b40bb2c1750ee7a5ebade93bed49a5fb upstream.

After srp_process_rsp() returns there is a short time during which
the scsi_host_find_tag() call will return a pointer to the SCSI
command that is being completed. If during that time a duplicate
response is received, avoid that the following call stack appears:

BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: srp_recv_done+0x450/0x6b0 [ib_srp]
Oops: 0000 [#1] SMP
CPU: 10 PID: 0 Comm: swapper/10 Not tainted 4.10.0-rc7-dbg+ #1
Call Trace:
 <IRQ>
 __ib_process_cq+0x4b/0xd0 [ib_core]
 ib_poll_handler+0x1d/0x70 [ib_core]
 irq_poll_softirq+0xba/0x120
 __do_softirq+0xba/0x4c0
 irq_exit+0xbe/0xd0
 smp_apic_timer_interrupt+0x38/0x50
 apic_timer_interrupt+0x90/0xa0
 </IRQ>
RIP: srp_recv_done+0x450/0x6b0 [ib_srp] RSP: ffff88046f483e20

Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Cc: Israel Rukshin <israelr@mellanox.com>
Cc: Max Gurtovoy <maxg@mellanox.com>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: Steve Feeley <Steve.Feeley@sandisk.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/ulp/srp/ib_srp.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -1892,9 +1892,11 @@ static void srp_process_rsp(struct srp_r
 		complete(&ch->tsk_mgmt_done);
 	} else {
 		scmnd = scsi_host_find_tag(target->scsi_host, rsp->tag);
-		if (scmnd) {
+		if (scmnd && scmnd->host_scribble) {
 			req = (void *)scmnd->host_scribble;
 			scmnd = srp_claim_req(ch, req, NULL, scmnd);
+		} else {
+			scmnd = NULL;
 		}
 		if (!scmnd) {
 			shost_printk(KERN_ERR, target->scsi_host,
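
Review bot: at the new `if (scmnd && scmnd->host_scribble)` test, host_scribble is loaded once for the check and again on the next line for `req = (void *)scmnd->host_scribble;`, and no lock is visible in this hunk between the two loads. If the completion path can clear the field in that gap, which is the window the commit message describes, req is NULL by the time it is passed to srp_claim_req(). Consider loading the field once into req (for example with READ_ONCE()) and testing req instead, so the value checked is the value used. A one-line comment stating what a NULL host_scribble means at this point would also help, since the hunk itself does not say why that field identifies a duplicate response.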
