3.13-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 4 Mar 2014 19:10:45 +0000 (11:10 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 4 Mar 2014 19:10:45 +0000 (11:10 -0800)
added patches:
qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch

queue-3.13/qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch [new file with mode: 0644]
queue-3.13/series

diff --git a/queue-3.13/qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch b/queue-3.13/qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch
new file mode 100644 (file)
index 0000000..1c856d9
--- /dev/null
@@ -0,0 +1,59 @@
+From 6f58c780e5a5b43a6d2121e0d43cdcba1d3cc5fc Mon Sep 17 00:00:00 2001
+From: "Dr. Greg Wettstein" <greg@enjellic.com>
+Date: Mon, 24 Feb 2014 13:59:53 -0600
+Subject: qla2xxx: Fix kernel panic on selective retransmission request
+
+From: "Dr. Greg Wettstein" <greg@enjellic.com>
+
+commit 6f58c780e5a5b43a6d2121e0d43cdcba1d3cc5fc upstream.
+
+A selective retransmission request (SRR) is a fibre-channel
+protocol control request which provides support for requesting
+retransmission of a data sequence in response to an issue such as
+frame loss or corruption.  These events are experienced
+infrequently in fibre-channel based networks which makes
+it difficult to test and assess codepaths which handle these
+events.
+
+We were fortunate enough, for some definition of fortunate, to
+have a metro-area single-mode SAN link which, at 10 GBPS
+sustained load levels, would consistently generate SRR's in
+a SCST based target implementation using our SCST/in-kernel
+Qlogic target interface driver.  In response to an SRR the
+in-kernel Qlogic target driver immediately panics resulting
+in a catastrophic storage failure for serviced initiators.
+
+The culprit was a debug statement in the qla_target.c file which
+does not verify that a pointer to the SCSI CDB is not null.
+The unchecked pointer dereference results in the kernel panic
+and resultant system failure.
+
+The other two references to the SCSI CDB by the SRR handling code
+use a ternary operator to verify a non-null pointer is being
+acted on.  This patch simply adds a similar test to the implicated
+debug statement.
+
+This patch is a candidate for any stable kernel being maintained
+since it addresses a potentially catastrophic event with
+minimal downside.
+
+Signed-off-by: Dr. Greg Wettstein <greg@enjellic.com>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/qla2xxx/qla_target.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/qla2xxx/qla_target.c
++++ b/drivers/scsi/qla2xxx/qla_target.c
+@@ -3186,7 +3186,8 @@ restart:
+               ql_dbg(ql_dbg_tgt_mgt, vha, 0xf02c,
+                   "SRR cmd %p (se_cmd %p, tag %d, op %x), "
+                   "sg_cnt=%d, offset=%d", cmd, &cmd->se_cmd, cmd->tag,
+-                  se_cmd->t_task_cdb[0], cmd->sg_cnt, cmd->offset);
++                  se_cmd->t_task_cdb ? se_cmd->t_task_cdb[0] : 0,
++                  cmd->sg_cnt, cmd->offset);
+               qlt_handle_srr(vha, sctio, imm);
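Review bot: The new argument `se_cmd->t_task_cdb ? se_cmd->t_task_cdb[0] : 0` logs a missing CDB as `op 0`, which is also the opcode of TEST UNIT READY, so someone reading this trace during an SRR incident cannot tell "no CDB attached" from a real command. A one-line comment above the call would record that and why the guard exists: `/* t_task_cdb can be NULL on the SRR path; op 0 then means "no CDB", and the argument is evaluated even when this debug level is off */`. The second half matters because, assuming ql_dbg() is an ordinary function rather than a compiled-out macro, the dereference ran on every SRR regardless of logging settings, which is how a fabric-level event could take the target down. The enclosing function starts and ends outside the hunk, so the two other guarded CDB references the description mentions could not be checked here.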
index bab85f1ef913c9b0bd5a3ae82c86dbc10d9e4970..e05671302158dcb56861077587356ed4385e6fb1 100644 (file)
@@ -155,3 +155,4 @@ input-arizona-haptics-fix-double-lock-of-dapm_mutex.patch
 mm-thp-fix-infinite-loop-on-memcg-oom.patch
 irq-metag-stop-set_affinity-vectoring-to-offline-cpus.patch
 arm64-unwind-fix-pc-calculation.patch
+qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch