* [PATCH][REPOST] lpfc: Fix illegal memory access on Abort IOCBs
@ 2021-04-21 23:44 James Smart
2021-04-27 3:07 ` Martin K. Petersen
0 siblings, 1 reply; 2+ messages in thread
From: James Smart @ 2021-04-21 23:44 UTC (permalink / raw)
To: linux-scsi; +Cc: James Smart, Justin Tee
In devloss timer handler and in backend calls to terminate remote port
io, there is logic to walk through all active IOCBs and validate them
to potentially trigger an abort request. This logic is causing illegal
memory accesses which leads to a crash. Abort IOCBs, which may be on
the list, do not have an associated lpfc_io_buf struct. The driver is
trying to map an lpfc_io_buf struct on the iocb and which results in a
bogus address thus the issue.
Fix by skipping over ABORT IOCBs (CLOSE IOCBs are ABORTS that don't send
ABTS) in the IOCB scan logic.
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
---
drivers/scsi/lpfc/lpfc_sli.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index 06ccc0157bd8..579ac75dfe79 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -11804,13 +11804,20 @@ lpfc_sli_validate_fcp_iocb(struct lpfc_iocbq *iocbq, struct lpfc_vport *vport,
lpfc_ctx_cmd ctx_cmd)
{
struct lpfc_io_buf *lpfc_cmd;
+ IOCB_t *icmd = NULL;
int rc = 1;
if (!iocbq || iocbq->vport != vport)
return rc;
- if (!(iocbq->iocb_flag & LPFC_IO_FCP) ||
- !(iocbq->iocb_flag & LPFC_IO_ON_TXCMPLQ))
+ if (!(iocbq->iocb_flag & LPFC_IO_FCP) ||
+ !(iocbq->iocb_flag & LPFC_IO_ON_TXCMPLQ) ||
+ iocbq->iocb_flag & LPFC_DRIVER_ABORTED)
+ return rc;
+
+ icmd = &iocbq->iocb;
+ if (icmd->ulpCommand == CMD_ABORT_XRI_CN ||
+ icmd->ulpCommand == CMD_CLOSE_XRI_CN)
return rc;
lpfc_cmd = container_of(iocbq, struct lpfc_io_buf, cur_iocbq);
--
2.26.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH][REPOST] lpfc: Fix illegal memory access on Abort IOCBs
2021-04-21 23:44 [PATCH][REPOST] lpfc: Fix illegal memory access on Abort IOCBs James Smart
@ 2021-04-27 3:07 ` Martin K. Petersen
0 siblings, 0 replies; 2+ messages in thread
From: Martin K. Petersen @ 2021-04-27 3:07 UTC (permalink / raw)
To: linux-scsi, James Smart; +Cc: Martin K . Petersen, Justin Tee
On Wed, 21 Apr 2021 16:44:33 -0700, James Smart wrote:
> In devloss timer handler and in backend calls to terminate remote port
> io, there is logic to walk through all active IOCBs and validate them
> to potentially trigger an abort request. This logic is causing illegal
> memory accesses which leads to a crash. Abort IOCBs, which may be on
> the list, do not have an associated lpfc_io_buf struct. The driver is
> trying to map an lpfc_io_buf struct on the iocb and which results in a
> bogus address thus the issue.
>
> [...]
Applied to 5.13/scsi-fixes, thanks!
[1/1] lpfc: Fix illegal memory access on Abort IOCBs
https://git.kernel.org/mkp/scsi/c/e1364711359f
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-04-27 3:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-21 23:44 [PATCH][REPOST] lpfc: Fix illegal memory access on Abort IOCBs James Smart
2021-04-27 3:07 ` Martin K. Petersen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.