From: Greg Kroah-Hartman
Date: Thu, 20 Feb 2020 07:32:05 +0000 (+0100)
Subject: 4.4-stable patches
X-Git-Tag: v4.19.106~26
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f94359e08c570b23a69d2af2fa2baa437bc0269d;p=thirdparty%2Fkernel%2Fstable-queue.git
4.4-stable patches
added patches:
scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch
---
diff --git a/queue-4.4/scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch b/queue-4.4/scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch
new file mode 100644
index 00000000000..de9076c1512
--- /dev/null
+++ b/queue-4.4/scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch
@@ -0,0 +1,76 @@
+From 35a79a63517981a8aea395497c548776347deda8 Mon Sep 17 00:00:00 2001
+From: Allen Pais
+Date: Wed, 18 Sep 2019 22:06:58 +0530
+Subject: scsi: qla2xxx: fix a potential NULL pointer dereference
+
+From: Allen Pais
+
+commit 35a79a63517981a8aea395497c548776347deda8 upstream.
+
+alloc_workqueue is not checked for errors and as a result a potential
+NULL dereference could occur.
+
+Link: https://lore.kernel.org/r/1568824618-4366-1-git-send-email-allen.pais@oracle.com
+Signed-off-by: Allen Pais
+Reviewed-by: Martin Wilck
+Acked-by: Himanshu Madhani
+Signed-off-by: Martin K. Petersen
+[Ajay: Rewrote this patch for v4.4.y, as 4.4.y codebase is different from mainline]
+Signed-off-by: Ajay Kaher
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/scsi/qla2xxx/qla_os.c | 19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+
+--- a/drivers/scsi/qla2xxx/qla_os.c
++++ b/drivers/scsi/qla2xxx/qla_os.c
+@@ -429,6 +429,12 @@ static int qla25xx_setup_mode(struct scs
+ goto fail;
+ }
+ if (ql2xmultique_tag) {
++ ha->wq = alloc_workqueue("qla2xxx_wq", WQ_MEM_RECLAIM, 1);
++ if (unlikely(!ha->wq)) {
++ ql_log(ql_log_warn, vha, 0x01e0,
++ "Failed to alloc workqueue.\n");
++ goto fail;
++ }
+ /* create a request queue for IO */
+ options |= BIT_7;
+ req = qla25xx_create_req_que(ha, options, 0, 0, -1,
+@@ -436,9 +442,8 @@ static int qla25xx_setup_mode(struct scs
+ if (!req) {
+ ql_log(ql_log_warn, vha, 0x00e0,
+ "Failed to create request queue.\n");
+- goto fail;
++ goto fail2;
+ }
+- ha->wq = alloc_workqueue("qla2xxx_wq", WQ_MEM_RECLAIM, 1);
+ vha->req = ha->req_q_map[req];
+ options |= BIT_1;
+ for (ques = 1; ques < ha->max_rsp_queues; ques++) {
+@@ -446,7 +451,7 @@ static int qla25xx_setup_mode(struct scs
+ if (!ret) {
+ ql_log(ql_log_warn, vha, 0x00e8,
+ "Failed to create response queue.\n");
+- goto fail2;
++ goto fail3;
+ }
+ }
+ ha->flags.cpu_affinity_enabled = 1;
+@@ -460,11 +465,13 @@ static int qla25xx_setup_mode(struct scs
+ ha->max_rsp_queues, ha->max_req_queues);
+ }
+ return 0;
+-fail2:
++
++fail3:
+ qla25xx_delete_queues(vha);
+- destroy_workqueue(ha->wq);
+- ha->wq = NULL;
+ vha->req = ha->req_q_map[0];
++fail2:
++ destroy_workqueue(ha->wq);
++ ha->wq = NULL;
+ fail:
+ ha->mqenable = 0;
+ kfree(ha->req_q_map);
diff --git a/queue-4.4/series b/queue-4.4/series
index 20ccf6e92d5..f800ee3e699 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -9,3 +9,4 @@ hwmon-pmbus-ltc2978-fix-pmbus-polling-of-mfr_common-definitions.patch
 jbd2-move-the-clearing-of-b_modified-flag-to-the-jou.patch
 jbd2-do-not-clear-the-bh_mapped-flag-when-forgetting.patch
 btrfs-print-message-when-tree-log-replay-starts.patch
+scsi-qla2xxx-fix-a-potential-null-pointer-dereference.patch
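Review bot: The unwind labels at the end of qla25xx_setup_mode() (`fail3:`, `fail2:`, `fail:` in the last qla_os.c hunk of the added patch) are numbered, and this backport already had to retarget two `goto`s and renumber `fail2` to `fail3` to fit the workqueue teardown in, so a future exit path can easily land on the wrong stage and either leak `ha->wq` or pass an unallocated one to `destroy_workqueue()`. A comment on each label would pin the order, for example `/* fail3: request/response queues exist */` and `/* fail2: only ha->wq is allocated */`. The function begins and ends outside the hunks, so what the `fail:` path returns after a failed `alloc_workqueue()` is not visible here and is worth confirming.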