From: Greg Kroah-Hartman Date: Tue, 4 Mar 2014 19:10:45 +0000 (-0800) Subject: 3.13-stable patches X-Git-Tag: v3.10.33~11 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=128452d757b8f9ca8024f917a2e14b09e761f718;p=thirdparty%2Fkernel%2Fstable-queue.git 3.13-stable patches added patches: qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch --- diff --git a/queue-3.13/qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch b/queue-3.13/qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch new file mode 100644 index 00000000000..1c856d92815 --- /dev/null +++ b/queue-3.13/qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch @@ -0,0 +1,59 @@ +From 6f58c780e5a5b43a6d2121e0d43cdcba1d3cc5fc Mon Sep 17 00:00:00 2001 +From: "Dr. Greg Wettstein" +Date: Mon, 24 Feb 2014 13:59:53 -0600 +Subject: qla2xxx: Fix kernel panic on selective retransmission request + +From: "Dr. Greg Wettstein" + +commit 6f58c780e5a5b43a6d2121e0d43cdcba1d3cc5fc upstream. + +A selective retransmission request (SRR) is a fibre-channel +protocol control request which provides support for requesting +retransmission of a data sequence in response to an issue such as +frame loss or corruption. These events are experienced +infrequently in fibre-channel based networks which makes +it difficult to test and assess codepaths which handle these +events. + +We were fortunate enough, for some definition of fortunate, to +have a metro-area single-mode SAN link which, at 10 GBPS +sustained load levels, would consistently generate SRR's in +a SCST based target implementation using our SCST/in-kernel +Qlogic target interface driver. In response to an SRR the +in-kernel Qlogic target driver immediately panics resulting +in a catastrophic storage failure for serviced initiators. + +The culprit was a debug statement in the qla_target.c file which +does not verify that a pointer to the SCSI CDB is not null. +The unchecked pointer dereference results in the kernel panic +and resultant system failure. + +The other two references to the SCSI CDB by the SRR handling code +use a ternary operator to verify a non-null pointer is being +acted on. This patch simply adds a similar test to the implicated +debug statement. + +This patch is a candidate for any stable kernel being maintained +since it addresses a potentially catastrophic event with +minimal downside. + +Signed-off-by: Dr. Greg Wettstein +Signed-off-by: Nicholas Bellinger +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/qla2xxx/qla_target.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -3186,7 +3186,8 @@ restart: + ql_dbg(ql_dbg_tgt_mgt, vha, 0xf02c, + "SRR cmd %p (se_cmd %p, tag %d, op %x), " + "sg_cnt=%d, offset=%d", cmd, &cmd->se_cmd, cmd->tag, +- se_cmd->t_task_cdb[0], cmd->sg_cnt, cmd->offset); ++ se_cmd->t_task_cdb ? se_cmd->t_task_cdb[0] : 0, ++ cmd->sg_cnt, cmd->offset); + + qlt_handle_srr(vha, sctio, imm); + diff --git a/queue-3.13/series b/queue-3.13/series index bab85f1ef91..e0567130215 100644 --- a/queue-3.13/series +++ b/queue-3.13/series @@ -155,3 +155,4 @@ input-arizona-haptics-fix-double-lock-of-dapm_mutex.patch mm-thp-fix-infinite-loop-on-memcg-oom.patch irq-metag-stop-set_affinity-vectoring-to-offline-cpus.patch arm64-unwind-fix-pc-calculation.patch +qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch