4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 20 Feb 2020 07:32:05 +0000 (08:32 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 20 Feb 2020 07:32:05 +0000 (08:32 +0100)
added patches:
scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch

queue-4.4/scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch [new file with mode: 0644]
queue-4.4/series

diff --git a/queue-4.4/scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch b/queue-4.4/scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch
new file mode 100644 (file)
index 0000000..de9076c
--- /dev/null
@@ -0,0 +1,76 @@
+From 35a79a63517981a8aea395497c548776347deda8 Mon Sep 17 00:00:00 2001
+From: Allen Pais <allen.pais@oracle.com>
+Date: Wed, 18 Sep 2019 22:06:58 +0530
+Subject: scsi: qla2xxx: fix a potential NULL pointer dereference
+
+From: Allen Pais <allen.pais@oracle.com>
+
+commit 35a79a63517981a8aea395497c548776347deda8 upstream.
+
+alloc_workqueue is not checked for errors and as a result a potential
+NULL dereference could occur.
+
+Link: https://lore.kernel.org/r/1568824618-4366-1-git-send-email-allen.pais@oracle.com
+Signed-off-by: Allen Pais <allen.pais@oracle.com>
+Reviewed-by: Martin Wilck <mwilck@suse.com>
+Acked-by: Himanshu Madhani <hmadhani@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+[Ajay: Rewrote this patch for v4.4.y, as 4.4.y codebase is different from mainline]
+Signed-off-by: Ajay Kaher <akaher@vmware.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/qla2xxx/qla_os.c |   19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+
+--- a/drivers/scsi/qla2xxx/qla_os.c
++++ b/drivers/scsi/qla2xxx/qla_os.c
+@@ -429,6 +429,12 @@ static int qla25xx_setup_mode(struct scs
+               goto fail;
+       }
+       if (ql2xmultique_tag) {
++              ha->wq = alloc_workqueue("qla2xxx_wq", WQ_MEM_RECLAIM, 1);
++              if (unlikely(!ha->wq)) {
++                      ql_log(ql_log_warn, vha, 0x01e0,
++                          "Failed to alloc workqueue.\n");
++                      goto fail;
++              }
+               /* create a request queue for IO */
+               options |= BIT_7;
+               req = qla25xx_create_req_que(ha, options, 0, 0, -1,
+@@ -436,9 +442,8 @@ static int qla25xx_setup_mode(struct scs
+               if (!req) {
+                       ql_log(ql_log_warn, vha, 0x00e0,
+                           "Failed to create request queue.\n");
+-                      goto fail;
++                      goto fail2;
+               }
+-              ha->wq = alloc_workqueue("qla2xxx_wq", WQ_MEM_RECLAIM, 1);
+               vha->req = ha->req_q_map[req];
+               options |= BIT_1;
+               for (ques = 1; ques < ha->max_rsp_queues; ques++) {
+@@ -446,7 +451,7 @@ static int qla25xx_setup_mode(struct scs
+                       if (!ret) {
+                               ql_log(ql_log_warn, vha, 0x00e8,
+                                   "Failed to create response queue.\n");
+-                              goto fail2;
++                              goto fail3;
+                       }
+               }
+               ha->flags.cpu_affinity_enabled = 1;
+@@ -460,11 +465,13 @@ static int qla25xx_setup_mode(struct scs
+                   ha->max_rsp_queues, ha->max_req_queues);
+       }
+       return 0;
+-fail2:
++
++fail3:
+       qla25xx_delete_queues(vha);
+-      destroy_workqueue(ha->wq);
+-      ha->wq = NULL;
+       vha->req = ha->req_q_map[0];
++fail2:
++        destroy_workqueue(ha->wq);
++        ha->wq = NULL;
+ fail:
+       ha->mqenable = 0;
+       kfree(ha->req_q_map);
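Review bot: The two statements under the new `fail2:` label (`destroy_workqueue(ha->wq);` and `ha->wq = NULL;`) appear to be indented with eight spaces rather than the tab used by the rest of qla25xx_setup_mode, and as rendered here they carry one `+` fewer than the neighbouring added lines, so the whitespace of that block should be checked against the target file. Since the labels now fall through in reverse order of acquisition, a one-line comment above `fail3:` such as `/* unwind in reverse order: queues, then workqueue, then the queue maps */` would help later backports avoid jumping to a label that skips `destroy_workqueue()`. On the `fail3` path `qla25xx_delete_queues(vha)` runs before the workqueue is destroyed; whether any work item referencing a queue could still be pending on `ha->wq` at that point depends on code outside this hunk and is worth confirming. The body of qla25xx_setup_mode starts before and continues past the visible lines.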
index 20ccf6e92d501f8f01cf173bf5b7023bebce59a4..f800ee3e699bc8aa42c2647483ae9644c67c3245 100644 (file)
@@ -9,3 +9,4 @@ hwmon-pmbus-ltc2978-fix-pmbus-polling-of-mfr_common-definitions.patch
 jbd2-move-the-clearing-of-b_modified-flag-to-the-jou.patch
 jbd2-do-not-clear-the-bh_mapped-flag-when-forgetting.patch
 btrfs-print-message-when-tree-log-replay-starts.patch
+scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch