WSL2-Linux-Kernel/drivers/scsi/qla2xxx
Quinn Tran c07179037b scsi: qla2xxx: Fix use after free in eh_abort path
commit 3d33b303d4 upstream.

In eh_abort path driver prematurely exits the call to upper layer. Check
whether command is aborted / completed by firmware before exiting the call.

9 [ffff8b1ebf803c00] page_fault at ffffffffb0389778
  [exception RIP: qla2x00_status_entry+0x48d]
  RIP: ffffffffc04fa62d  RSP: ffff8b1ebf803cb0  RFLAGS: 00010082
  RAX: 00000000ffffffff  RBX: 00000000000e0000  RCX: 0000000000000000
  RDX: 0000000000000000  RSI: 00000000000013d8  RDI: fffff3253db78440
  RBP: ffff8b1ebf803dd0   R8: ffff8b1ebcd9b0c0   R9: 0000000000000000
  R10: ffff8b1e38a30808  R11: 0000000000001000  R12: 00000000000003e9
  R13: 0000000000000000  R14: ffff8b1ebcd9d740  R15: 0000000000000028
  ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
10 [ffff8b1ebf803cb0] enqueue_entity at ffffffffafce708f
11 [ffff8b1ebf803d00] enqueue_task_fair at ffffffffafce7b88
12 [ffff8b1ebf803dd8] qla24xx_process_response_queue at ffffffffc04fc9a6
[qla2xxx]
13 [ffff8b1ebf803e78] qla24xx_msix_rsp_q at ffffffffc04ff01b [qla2xxx]
14 [ffff8b1ebf803eb0] __handle_irq_event_percpu at ffffffffafd50714

Link: https://lore.kernel.org/r/20210908164622.19240-10-njavali@marvell.com
Fixes: f45bca8c50 ("scsi: qla2xxx: Fix double scsi_done for abort path")
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Co-developed-by: David Jeffery <djeffery@redhat.com>
Signed-off-by: David Jeffery <djeffery@redhat.com>
Co-developed-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-11-18 19:15:52 +01:00
..
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile scsi: qla2xxx: edif: Add start + stop bsgs 2021-07-27 00:06:42 -04:00
qla_attr.c scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file 2021-11-18 19:15:52 +01:00
qla_bsg.c scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() 2021-10-18 23:04:31 -04:00
qla_bsg.h scsi: qla2xxx: edif: Add start + stop bsgs 2021-07-27 00:06:42 -04:00
qla_dbg.c scsi: qla2xxx: Changes to support FCP2 Target 2021-08-11 23:17:42 -04:00
qla_dbg.h scsi: qla2xxx: edif: Add start + stop bsgs 2021-07-27 00:06:42 -04:00
qla_def.h scsi: qla2xxx: Fix NVMe retry 2021-08-23 22:36:54 -04:00
qla_devtbl.h
qla_dfs.c scsi: qla2xxx: Remove unnecessary NULL check 2021-01-22 22:04:16 -05:00
qla_dsd.h scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h 2019-08-12 21:34:04 -04:00
qla_edif.c scsi: qla2xxx: edif: Fix returnvar.cocci warnings 2021-08-23 22:36:54 -04:00
qla_edif.h scsi: qla2xxx: edif: Add N2N support for EDIF 2021-08-23 22:36:53 -04:00
qla_edif_bsg.h scsi: qla2xxx: edif: Add start + stop bsgs 2021-07-27 00:06:42 -04:00
qla_fw.h scsi: qla2xxx: edif: Add N2N support for EDIF 2021-08-23 22:36:53 -04:00
qla_gbl.h scsi: qla2xxx: edif: Add N2N support for EDIF 2021-08-23 22:36:53 -04:00
qla_gs.c scsi: qla2xxx: Fix NVMe retry 2021-08-23 22:36:54 -04:00
qla_init.c scsi: qla2xxx: Restore initiator in dual mode 2021-09-21 23:58:57 -04:00
qla_inline.h scsi: qla2xxx: edif: Add N2N support for EDIF 2021-08-23 22:36:53 -04:00
qla_iocb.c scsi: qla2xxx: edif: Do secure PLOGI when auth app is present 2021-08-23 22:36:53 -04:00
qla_isr.c scsi: qla2xxx: Fix excessive messages during device logout 2021-09-28 22:49:25 -04:00
qla_mbx.c scsi: qla2xxx: Fix NVMe session down detection 2021-08-23 22:36:54 -04:00
qla_mid.c scsi: qla2xxx: Fix unsafe removal from linked list 2021-08-11 23:17:56 -04:00
qla_mr.c scsi: qla2xxx: Suppress Coverity complaints about dseg_r* 2021-03-24 21:47:20 -04:00
qla_mr.h scsi: qla2xxx: Suppress Coverity complaints about dseg_r* 2021-03-24 21:47:20 -04:00
qla_nvme.c scsi: qla2xxx: Fix crash in NVMe abort path 2021-11-18 19:15:52 +01:00
qla_nvme.h SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
qla_nx.c scsi: qla2xxx: Remove unused variable 'status' 2021-07-27 00:06:42 -04:00
qla_nx.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_nx2.c scsi: qla2xxx: Simplify qla8044_minidump_process_control() 2021-03-24 21:47:21 -04:00
qla_nx2.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_os.c scsi: qla2xxx: Fix use after free in eh_abort path 2021-11-18 19:15:52 +01:00
qla_settings.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_sup.c scsi: qla2xxx: Remove redundant continue statement in a for-loop 2021-07-18 21:31:28 -04:00
qla_target.c scsi: qla2xxx: Fix unmap of already freed sgl 2021-10-18 23:19:44 -04:00
qla_target.h scsi: qla2xxx: edif: Add encryption to I/O path 2021-07-27 00:06:43 -04:00
qla_tmpl.c SCSI misc on 20201216 2020-12-16 13:34:31 -08:00
qla_tmpl.h scsi: qla2xxx: Fix crash during driver load on big endian machines 2020-12-09 11:34:17 -05:00
qla_version.h scsi: qla2xxx: Update version to 10.02.06.200-k 2021-08-23 22:36:54 -04:00
tcm_qla2xxx.c Merge branch '5.12/scsi-fixes' into 5.13/scsi-staging 2021-04-05 22:57:29 -04:00
tcm_qla2xxx.h scsi: qla2xxx: deadlock by configfs_depend_item 2018-12-19 21:26:38 -05:00