From: Greg Kroah-Hartman Date: Thu, 20 Feb 2020 07:32:24 +0000 (+0100) Subject: 4.9-stable patches X-Git-Tag: v4.19.106~25 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=08b159fc70ea3137789d114e4e19a01ea6c36a33;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch --- diff --git a/queue-4.9/scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch b/queue-4.9/scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch new file mode 100644 index 00000000000..e5411e38143 --- /dev/null +++ b/queue-4.9/scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch @@ -0,0 +1,76 @@ +From 35a79a63517981a8aea395497c548776347deda8 Mon Sep 17 00:00:00 2001 +From: Allen Pais +Date: Wed, 18 Sep 2019 22:06:58 +0530 +Subject: scsi: qla2xxx: fix a potential NULL pointer dereference + +From: Allen Pais + +commit 35a79a63517981a8aea395497c548776347deda8 upstream. + +alloc_workqueue is not checked for errors and as a result a potential +NULL dereference could occur. + +Link: https://lore.kernel.org/r/1568824618-4366-1-git-send-email-allen.pais@oracle.com +Signed-off-by: Allen Pais +Reviewed-by: Martin Wilck +Acked-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +[Ajay: Rewrote this patch for v4.9.y, as 4.9.y codebase is different from mainline] +Signed-off-by: Ajay Kaher +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_os.c | 19 +++++++++++++------ + 1 file changed, 13 insertions(+), 6 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -451,6 +451,12 @@ static int qla25xx_setup_mode(struct scs + goto fail; + } + if (ql2xmultique_tag) { ++ ha->wq = alloc_workqueue("qla2xxx_wq", WQ_MEM_RECLAIM, 1); ++ if (unlikely(!ha->wq)) { ++ ql_log(ql_log_warn, vha, 0x01e0, ++ "Failed to alloc workqueue.\n"); ++ goto fail; ++ } + /* create a request queue for IO */ + options |= BIT_7; + req = qla25xx_create_req_que(ha, options, 0, 0, -1, +@@ -458,9 +464,8 @@ static int qla25xx_setup_mode(struct scs + if (!req) { + ql_log(ql_log_warn, vha, 0x00e0, + "Failed to create request queue.\n"); +- goto fail; ++ goto fail2; + } +- ha->wq = alloc_workqueue("qla2xxx_wq", WQ_MEM_RECLAIM, 1); + vha->req = ha->req_q_map[req]; + options |= BIT_1; + for (ques = 1; ques < ha->max_rsp_queues; ques++) { +@@ -468,7 +473,7 @@ static int qla25xx_setup_mode(struct scs + if (!ret) { + ql_log(ql_log_warn, vha, 0x00e8, + "Failed to create response queue.\n"); +- goto fail2; ++ goto fail3; + } + } + ha->flags.cpu_affinity_enabled = 1; +@@ -482,11 +487,13 @@ static int qla25xx_setup_mode(struct scs + ha->max_rsp_queues, ha->max_req_queues); + } + return 0; +-fail2: ++ ++fail3: + qla25xx_delete_queues(vha); +- destroy_workqueue(ha->wq); +- ha->wq = NULL; + vha->req = ha->req_q_map[0]; ++fail2: ++ destroy_workqueue(ha->wq); ++ ha->wq = NULL; + fail: + ha->mqenable = 0; + kfree(ha->req_q_map); diff --git a/queue-4.9/series b/queue-4.9/series index b8c0bab5862..01c4dceb5a2 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -12,3 +12,4 @@ hwmon-pmbus-ltc2978-fix-pmbus-polling-of-mfr_common-definitions.patch jbd2-move-the-clearing-of-b_modified-flag-to-the-jou.patch jbd2-do-not-clear-the-bh_mapped-flag-when-forgetting.patch btrfs-print-message-when-tree-log-replay-starts.patch +scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch