* [PATCH AUTOSEL 5.4 03/10] scsi: mpt3sas: Fix double free in attach error handling
[not found] <20200104033620.10977-1-sashal@kernel.org>
@ 2020-01-04 3:36 ` Sasha Levin
2020-01-04 3:36 ` [PATCH AUTOSEL 5.4 04/10] scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() Sasha Levin
2020-01-04 3:36 ` [PATCH AUTOSEL 5.4 05/10] scsi: target/iblock: Fix protection error with blocks greater than 512B Sasha Levin
2 siblings, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2020-01-04 3:36 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Dan Carpenter, Sreekanth Reddy, Martin K . Petersen, Sasha Levin,
MPT-FusionLinux.pdl, linux-scsi
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit ee560e7bbab0c10cf3f0e71997fbc354ab2ee5cb ]
The caller also calls _base_release_memory_pools() on error so it leads to
a number of double frees:
drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->chain_dma_pool' double freed
drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->hpr_lookup' double freed
drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->internal_lookup' double freed
drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->pcie_sgl_dma_pool' double freed
drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->reply_dma_pool' double freed
drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->reply_free_dma_pool' double freed
drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->reply_post_free_array_dma_pool' double freed
drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->reply_post_free_dma_pool' double freed
drivers/scsi/mpt3sas/mpt3sas_base.c:7207 mpt3sas_base_attach() warn: 'ioc->sense_dma_pool' double freed
Fixes: 74522a92bbf0 ("scsi: mpt3sas: Optimize I/O memory consumption in driver.")
Link: https://lore.kernel.org/r/20191203093652.gyntgvnkw2udatyc@kili.mountain
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/mpt3sas/mpt3sas_base.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c
index fea3cb6a090b..752b71cfbe12 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_base.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_base.c
@@ -5234,7 +5234,6 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc)
&ct->chain_buffer_dma);
if (!ct->chain_buffer) {
ioc_err(ioc, "chain_lookup: pci_pool_alloc failed\n");
- _base_release_memory_pools(ioc);
goto out;
}
}
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH AUTOSEL 5.4 04/10] scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
[not found] <20200104033620.10977-1-sashal@kernel.org>
2020-01-04 3:36 ` [PATCH AUTOSEL 5.4 03/10] scsi: mpt3sas: Fix double free in attach error handling Sasha Levin
@ 2020-01-04 3:36 ` Sasha Levin
2020-01-04 3:36 ` [PATCH AUTOSEL 5.4 05/10] scsi: target/iblock: Fix protection error with blocks greater than 512B Sasha Levin
2 siblings, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2020-01-04 3:36 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Varun Prakash, Martin K . Petersen, Sasha Levin, linux-scsi
From: Varun Prakash <varun@chelsio.com>
[ Upstream commit 71482fde704efdd8c3abe0faf34d922c61e8d76b ]
If cxgb4i_ddp_init() fails then cdev->cdev2ppm will be NULL, so add a check
for NULL pointer before dereferencing it.
Link: https://lore.kernel.org/r/1576676731-3068-1-git-send-email-varun@chelsio.com
Signed-off-by: Varun Prakash <varun@chelsio.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/cxgbi/libcxgbi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c
index 3e17af8aedeb..2cd2761bd249 100644
--- a/drivers/scsi/cxgbi/libcxgbi.c
+++ b/drivers/scsi/cxgbi/libcxgbi.c
@@ -121,7 +121,8 @@ static inline void cxgbi_device_destroy(struct cxgbi_device *cdev)
"cdev 0x%p, p# %u.\n", cdev, cdev->nports);
cxgbi_hbas_remove(cdev);
cxgbi_device_portmap_cleanup(cdev);
- cxgbi_ppm_release(cdev->cdev2ppm(cdev));
+ if (cdev->cdev2ppm)
+ cxgbi_ppm_release(cdev->cdev2ppm(cdev));
if (cdev->pmap.max_connect)
cxgbi_free_big_mem(cdev->pmap.port_csk);
kfree(cdev);
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH AUTOSEL 5.4 05/10] scsi: target/iblock: Fix protection error with blocks greater than 512B
[not found] <20200104033620.10977-1-sashal@kernel.org>
2020-01-04 3:36 ` [PATCH AUTOSEL 5.4 03/10] scsi: mpt3sas: Fix double free in attach error handling Sasha Levin
2020-01-04 3:36 ` [PATCH AUTOSEL 5.4 04/10] scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() Sasha Levin
@ 2020-01-04 3:36 ` Sasha Levin
2 siblings, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2020-01-04 3:36 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Israel Rukshin, Max Gurtovoy, Sagi Grimberg, Martin K . Petersen,
Sasha Levin, linux-scsi, target-devel
From: Israel Rukshin <israelr@mellanox.com>
[ Upstream commit e4dc9a4c31fe10d1751c542702afc85be8a5c56a ]
The sector size of the block layer is 512 bytes, but integrity interval
size might be different (in case of 4K block size of the media). At the
initiator side the virtual start sector is the one that was originally
submitted by the block layer (512 bytes) for the Reftag usage. The
initiator converts the Reftag to integrity interval units and sends it to
the target. So the target virtual start sector should be calculated at
integrity interval units. prepare_fn() and complete_fn() don't remap
correctly the Reftag when using incorrect units of the virtual start
sector, which leads to the following protection error at the device:
"blk_update_request: protection error, dev sdb, sector 2048 op 0x0:(READ)
flags 0x10000 phys_seg 1 prio class 0"
To fix that, set the seed in integrity interval units.
Link: https://lore.kernel.org/r/1576078562-15240-1-git-send-email-israelr@mellanox.com
Signed-off-by: Israel Rukshin <israelr@mellanox.com>
Reviewed-by: Max Gurtovoy <maxg@mellanox.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/target/target_core_iblock.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/target/target_core_iblock.c b/drivers/target/target_core_iblock.c
index 6949ea8bc387..51ffd5c002de 100644
--- a/drivers/target/target_core_iblock.c
+++ b/drivers/target/target_core_iblock.c
@@ -646,7 +646,9 @@ iblock_alloc_bip(struct se_cmd *cmd, struct bio *bio,
}
bip->bip_iter.bi_size = bio_integrity_bytes(bi, bio_sectors(bio));
- bip_set_seed(bip, bio->bi_iter.bi_sector);
+ /* virtual start sector must be in integrity interval units */
+ bip_set_seed(bip, bio->bi_iter.bi_sector >>
+ (bi->interval_exp - SECTOR_SHIFT));
pr_debug("IBLOCK BIP Size: %u Sector: %llu\n", bip->bip_iter.bi_size,
(unsigned long long)bip->bip_iter.bi_sector);
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-01-04 3:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20200104033620.10977-1-sashal@kernel.org>
2020-01-04 3:36 ` [PATCH AUTOSEL 5.4 03/10] scsi: mpt3sas: Fix double free in attach error handling Sasha Levin
2020-01-04 3:36 ` [PATCH AUTOSEL 5.4 04/10] scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() Sasha Levin
2020-01-04 3:36 ` [PATCH AUTOSEL 5.4 05/10] scsi: target/iblock: Fix protection error with blocks greater than 512B Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).