From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Justin Tee <justin.tee@broadcom.com>,
James Smart <jsmart2021@gmail.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 21/37] scsi: lpfc: Fix illegal memory access on Abort IOCBs
Date: Thu, 20 May 2021 11:22:42 +0200 [thread overview]
Message-ID: <20210520092052.975357097@linuxfoundation.org> (raw)
In-Reply-To: <20210520092052.265851579@linuxfoundation.org>
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit e1364711359f3ced054bda9920477c8bf93b74c5 ]
In devloss timer handler and in backend calls to terminate remote port I/O,
there is logic to walk through all active IOCBs and validate them to
potentially trigger an abort request. This logic is causing illegal memory
accesses which leads to a crash. Abort IOCBs, which may be on the list, do
not have an associated lpfc_io_buf struct. The driver is trying to map an
lpfc_io_buf struct on the IOCB and which results in a bogus address thus
the issue.
Fix by skipping over ABORT IOCBs (CLOSE IOCBs are ABORTS that don't send
ABTS) in the IOCB scan logic.
Link: https://lore.kernel.org/r/20210421234433.102079-1-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_sli.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index ef7cef316d21..795460eda6a5 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -11337,13 +11337,20 @@ lpfc_sli_validate_fcp_iocb(struct lpfc_iocbq *iocbq, struct lpfc_vport *vport,
lpfc_ctx_cmd ctx_cmd)
{
struct lpfc_io_buf *lpfc_cmd;
+ IOCB_t *icmd = NULL;
int rc = 1;
if (iocbq->vport != vport)
return rc;
- if (!(iocbq->iocb_flag & LPFC_IO_FCP) ||
- !(iocbq->iocb_flag & LPFC_IO_ON_TXCMPLQ))
+ if (!(iocbq->iocb_flag & LPFC_IO_FCP) ||
+ !(iocbq->iocb_flag & LPFC_IO_ON_TXCMPLQ) ||
+ iocbq->iocb_flag & LPFC_DRIVER_ABORTED)
+ return rc;
+
+ icmd = &iocbq->iocb;
+ if (icmd->ulpCommand == CMD_ABORT_XRI_CN ||
+ icmd->ulpCommand == CMD_CLOSE_XRI_CN)
return rc;
lpfc_cmd = container_of(iocbq, struct lpfc_io_buf, cur_iocbq);
--
2.30.2
next prev parent reply other threads:[~2021-05-20 9:35 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-20 9:22 [PATCH 5.4 00/37] 5.4.121-rc1 review Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 01/37] x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 02/37] kgdb: fix gcc-11 warning on indentation Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 03/37] usb: sl811-hcd: improve misleading indentation Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 04/37] cxgb4: Fix the -Wmisleading-indentation warning Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 05/37] isdn: capi: fix mismatched prototypes Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 06/37] pinctrl: ingenic: Improve unreachable code generation Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 07/37] xsk: Simplify detection of empty and full rings Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 08/37] virtio_net: Do not pull payload in skb->head Greg Kroah-Hartman
2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 09/37] ARM: 9058/1: cache-v7: refactor v7_invalidate_l1 to avoid clobbering r5/r6 Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 10/37] PCI: thunder: Fix compile testing Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 11/37] dmaengine: dw-edma: Fix crash on loading/unloading driver Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 12/37] ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 13/37] ACPI / hotplug / PCI: Fix reference count leak in enable_slot() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 14/37] Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 15/37] Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 16/37] um: Mark all kernel symbols as local Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 17/37] um: Disable CONFIG_GCOV with MODULES Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 18/37] ARM: 9075/1: kernel: Fix interrupted SMC calls Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 19/37] scripts/recordmcount.pl: Fix RISC-V regex for clang Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 20/37] riscv: Workaround mcount name prior to clang-13 Greg Kroah-Hartman
2021-05-20 9:22 ` Greg Kroah-Hartman [this message]
2021-05-20 9:22 ` [PATCH 5.4 22/37] ceph: fix fscache invalidation Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 23/37] scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 24/37] bridge: Fix possible races between assigning rx_handler_data and setting IFF_BRIDGE_PORT bit Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 25/37] drm/amd/display: Fix two cursor duplication when using overlay Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 26/37] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 27/37] ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 28/37] block: reexpand iov_iter after read/write Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 29/37] lib: stackdepot: turn depot_lock spinlock to raw_spinlock Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 30/37] net: stmmac: Do not enable RX FIFO overflow interrupts Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 31/37] ip6_gre: proper dev_{hold|put} in ndo_[un]init methods Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 32/37] sit: " Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 33/37] ip6_tunnel: " Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 34/37] ipv6: remove extra dev_hold() for fallback tunnels Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 35/37] KVM: arm64: Initialize VCPU mdcr_el2 before loading it Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 36/37] tweewide: Fix most Shebang lines Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 5.4 37/37] scripts: switch explicitly to Python 3 Greg Kroah-Hartman
2021-05-20 15:24 ` [PATCH 5.4 00/37] 5.4.121-rc1 review Jon Hunter
2021-05-20 21:44 ` Shuah Khan
2021-05-20 22:53 ` Guenter Roeck
2021-05-21 4:39 ` Florian Fainelli
2021-05-22 9:39 ` Greg Kroah-Hartman
2021-05-21 5:23 ` Naresh Kamboju
2021-05-21 18:21 ` Sudip Mukherjee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210520092052.975357097@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jsmart2021@gmail.com \
--cc=justin.tee@broadcom.com \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.