From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Quinn Tran <qutran@marvell.com>,
Himanshu Madhani <himanshu.madhani@oracle.com>,
Nilesh Javali <njavali@marvell.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 5.8 48/63] scsi: qla2xxx: Fix null pointer access during disconnect from subsystem
Date: Mon, 24 Aug 2020 12:34:48 -0400 [thread overview]
Message-ID: <20200824163504.605538-48-sashal@kernel.org> (raw)
In-Reply-To: <20200824163504.605538-1-sashal@kernel.org>
From: Quinn Tran <qutran@marvell.com>
[ Upstream commit 83949613fac61e8e37eadf8275bf072342302f4e ]
NVMEAsync command is being submitted to QLA while the same NVMe controller
is in the middle of reset. The reset path has deleted the association and
freed aen_op->fcp_req.private. Add a check for this private pointer before
issuing the command.
...
6 [ffffb656ca11fce0] page_fault at ffffffff8c00114e
[exception RIP: qla_nvme_post_cmd+394]
RIP: ffffffffc0d012ba RSP: ffffb656ca11fd98 RFLAGS: 00010206
RAX: ffff8fb039eda228 RBX: ffff8fb039eda200 RCX: 00000000000da161
RDX: ffffffffc0d4d0f0 RSI: ffffffffc0d26c9b RDI: ffff8fb039eda220
RBP: 0000000000000013 R8: ffff8fb47ff6aa80 R9: 0000000000000002
R10: 0000000000000000 R11: ffffb656ca11fdc8 R12: ffff8fb27d04a3b0
R13: ffff8fc46dd98a58 R14: 0000000000000000 R15: ffff8fc4540f0000
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
7 [ffffb656ca11fe08] nvme_fc_start_fcp_op at ffffffffc0241568 [nvme_fc]
8 [ffffb656ca11fe50] nvme_fc_submit_async_event at ffffffffc0241901 [nvme_fc]
9 [ffffb656ca11fe68] nvme_async_event_work at ffffffffc014543d [nvme_core]
10 [ffffb656ca11fe98] process_one_work at ffffffff8b6cd437
11 [ffffb656ca11fed8] worker_thread at ffffffff8b6cdcef
12 [ffffb656ca11ff10] kthread at ffffffff8b6d3402
13 [ffffb656ca11ff50] ret_from_fork at ffffffff8c000255
--
PID: 37824 TASK: ffff8fb033063d80 CPU: 20 COMMAND: "kworker/u97:451"
0 [ffffb656ce1abc28] __schedule at ffffffff8be629e3
1 [ffffb656ce1abcc8] schedule at ffffffff8be62fe8
2 [ffffb656ce1abcd0] schedule_timeout at ffffffff8be671ed
3 [ffffb656ce1abd70] wait_for_completion at ffffffff8be639cf
4 [ffffb656ce1abdd0] flush_work at ffffffff8b6ce2d5
5 [ffffb656ce1abe70] nvme_stop_ctrl at ffffffffc0144900 [nvme_core]
6 [ffffb656ce1abe80] nvme_fc_reset_ctrl_work at ffffffffc0243445 [nvme_fc]
7 [ffffb656ce1abe98] process_one_work at ffffffff8b6cd437
8 [ffffb656ce1abed8] worker_thread at ffffffff8b6cdb50
9 [ffffb656ce1abf10] kthread at ffffffff8b6d3402
10 [ffffb656ce1abf50] ret_from_fork at ffffffff8c000255
Link: https://lore.kernel.org/r/20200806111014.28434-10-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qla2xxx/qla_nvme.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/scsi/qla2xxx/qla_nvme.c b/drivers/scsi/qla2xxx/qla_nvme.c
index fa695a4007f86..262dfd7635a48 100644
--- a/drivers/scsi/qla2xxx/qla_nvme.c
+++ b/drivers/scsi/qla2xxx/qla_nvme.c
@@ -536,6 +536,11 @@ static int qla_nvme_post_cmd(struct nvme_fc_local_port *lport,
struct nvme_private *priv = fd->private;
struct qla_nvme_rport *qla_rport = rport->private;
+ if (!priv) {
+ /* nvme association has been torn down */
+ return rval;
+ }
+
fcport = qla_rport->fcport;
if (!qpair || !fcport || (qpair && !qpair->fw_started) ||
--
2.25.1
next prev parent reply other threads:[~2020-08-24 17:17 UTC|newest]
Thread overview: 109+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-24 16:34 [PATCH AUTOSEL 5.8 01/63] spi: stm32: clear only asserted irq flags on interrupt Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 02/63] jbd2: make sure jh have b_transaction set in refile/unfile_buffer Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 03/63] ext4: don't BUG on inconsistent journal feature Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 04/63] ext4: handle read only external journal device Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 05/63] ext4: skip non-loaded groups at cr=0/1 when scanning for good groups Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 06/63] drm/virtio: fix memory leak in virtio_gpu_cleanup_object() Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 07/63] ext4: abort the filesystem if failed to async write metadata buffer Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 08/63] jbd2: abort journal if free a async write error " Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 09/63] ext4: handle option set by mount flags correctly Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 10/63] ext4: handle error of ext4_setup_system_zone() on remount Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 11/63] ext4: correctly restore system zone info when remount fails Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 12/63] fs: prevent BUG_ON in submit_bh_wbc() Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 13/63] spi: stm32h7: fix race condition at end of transfer Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 14/63] spi: stm32: fix fifo threshold level in case of short transfer Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 15/63] spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 16/63] spi: stm32: always perform registers configuration prior to transfer Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 17/63] drm/amd/powerplay: correct Vega20 cached smu feature state Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 18/63] drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 19/63] drm/amd/display: Fix LFC multiplier changing erratically Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 20/63] drm/amd/display: Switch to immediate mode for updating infopackets Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 21/63] selftests/bpf: Fix segmentation fault in test_progs Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 22/63] libbpf: Handle GCC built-in types for Arm NEON Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 23/63] netfilter: avoid ipv6 -> nf_defrag_ipv6 module dependency Sasha Levin
2020-08-24 16:34 ` [Bridge] " Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 24/63] libbpf: Prevent overriding errno when logging errors Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 25/63] tools/bpftool: Fix compilation warnings in 32-bit mode Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 26/63] selftest/bpf: " Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 27/63] selftests/bpf: Fix btf_dump test cases on 32-bit arches Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 28/63] selftests/bpf: Correct various core_reloc 64-bit assumptions Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 29/63] can: j1939: transport: j1939_xtp_rx_dat_one(): compare own packets to detect corruptions Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 30/63] dma-pool: fix coherent pool allocations for IOMMU mappings Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 31/63] dma-pool: Only allocate from CMA when in same memory zone Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 32/63] drivers/net/wan/hdlc_x25: Added needed_headroom and a skb->len check Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 33/63] ALSA: hda/realtek: Add model alc298-samsung-headphone Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 34/63] s390/cio: add cond_resched() in the slow_eval_known_fn() loop Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 35/63] ASoC: wm8994: Avoid attempts to read unreadable registers Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 36/63] ALSA: usb-audio: ignore broken processing/extension unit Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 37/63] selftests: disable rp_filter for icmp_redirect.sh Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 38/63] scsi: fcoe: Fix I/O path allocation Sasha Levin
2020-08-24 16:34 ` [Intel-wired-lan] " Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 39/63] scsi: ufs: Fix possible infinite loop in ufshcd_hold Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 40/63] scsi: ufs: Improve interrupt handling for shared interrupts Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 41/63] scsi: ufs: Clean up completed request without interrupt notification Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 42/63] scsi: scsi_debug: Fix scp is NULL errors Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 43/63] scsi: qla2xxx: Flush all sessions on zone disable Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 44/63] scsi: qla2xxx: Flush I/O " Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 45/63] scsi: qla2xxx: Indicate correct supported speeds for Mezz card Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 46/63] scsi: qla2xxx: Fix login timeout Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 47/63] scsi: qla2xxx: Check if FW supports MQ before enabling Sasha Levin
2020-08-24 16:34 ` Sasha Levin [this message]
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 49/63] Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 50/63] macvlan: validate setting of multiple remote source MAC addresses Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 51/63] net: gianfar: Add of_node_put() before goto statement Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 52/63] drm/amdgpu: disable gfxoff for navy_flounder Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 18:23 ` Alex Deucher
2020-08-24 18:23 ` Alex Deucher
2020-08-24 18:23 ` Alex Deucher
2020-08-30 22:41 ` Sasha Levin
2020-08-30 22:41 ` Sasha Levin
2020-08-30 22:41 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 53/63] drm/amdgpu: fix NULL pointer access issue when unloading driver Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 54/63] drm/amdkfd: fix the wrong sdma instance query for renoir Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 55/63] bpf: Fix a rcu_sched stall issue with bpf task/task_file iterator Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 56/63] bpf: Avoid visit same object multiple times Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 57/63] ext4: limit the length of per-inode prealloc list Sasha Levin
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 58/63] Revert "drm/amdgpu: disable gfxoff for navy_flounder" Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 18:24 ` Alex Deucher
2020-08-24 18:24 ` Alex Deucher
2020-08-24 18:24 ` Alex Deucher
2020-08-24 16:34 ` [PATCH AUTOSEL 5.8 59/63] powerpc/perf: Fix soft lockups due to missed interrupt accounting Sasha Levin
2020-08-24 16:34 ` Sasha Levin
2020-08-24 16:35 ` [PATCH AUTOSEL 5.8 60/63] libbpf: Fix map index used in error message Sasha Levin
2020-08-24 16:35 ` [PATCH AUTOSEL 5.8 61/63] bpf: selftests: global_funcs: Check err_str before strstr Sasha Levin
2020-08-24 16:35 ` [PATCH AUTOSEL 5.8 62/63] arm64: Move handling of erratum 1418040 into C code Sasha Levin
2020-08-24 16:35 ` Sasha Levin
2020-08-24 16:35 ` [PATCH AUTOSEL 5.8 63/63] arm64: Allow booting of late CPUs affected by erratum 1418040 Sasha Levin
2020-08-24 16:35 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200824163504.605538-48-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=himanshu.madhani@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=njavali@marvell.com \
--cc=qutran@marvell.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.