From 01c1b774c76cdcfd8b41056b2d70c16eddc9b4f9 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 4 Mar 2014 11:10:39 -0800
Subject: [PATCH] 3.10-stable patches

added patches:
qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch
---
 ...-on-selective-retransmission-request.patch | 59 +++++++++++++++++++
 queue-3.10/series | 1 +
 2 files changed, 60 insertions(+)
 create mode 100644 queue-3.10/qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch

diff --git a/queue-3.10/qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch b/queue-3.10/qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch
new file mode 100644
index 00000000000..e746a790f0b
--- /dev/null
+++ b/queue-3.10/qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch
@@ -0,0 +1,59 @@
+From 6f58c780e5a5b43a6d2121e0d43cdcba1d3cc5fc Mon Sep 17 00:00:00 2001
+From: "Dr. Greg Wettstein"
+Date: Mon, 24 Feb 2014 13:59:53 -0600
+Subject: qla2xxx: Fix kernel panic on selective retransmission request
+
+From: "Dr. Greg Wettstein"
+
+commit 6f58c780e5a5b43a6d2121e0d43cdcba1d3cc5fc upstream.
+
+A selective retransmission request (SRR) is a fibre-channel
+protocol control request which provides support for requesting
+retransmission of a data sequence in response to an issue such as
+frame loss or corruption. These events are experienced
+infrequently in fibre-channel based networks which makes
+it difficult to test and assess codepaths which handle these
+events.
+
+We were fortunate enough, for some definition of fortunate, to
+have a metro-area single-mode SAN link which, at 10 GBPS
+sustained load levels, would consistently generate SRR's in
+a SCST based target implementation using our SCST/in-kernel
+Qlogic target interface driver. In response to an SRR the
+in-kernel Qlogic target driver immediately panics resulting
+in a catastrophic storage failure for serviced initiators.
+
+The culprit was a debug statement in the qla_target.c file which
+does not verify that a pointer to the SCSI CDB is not null.
+The unchecked pointer dereference results in the kernel panic
+and resultant system failure.
+
+The other two references to the SCSI CDB by the SRR handling code
+use a ternary operator to verify a non-null pointer is being
+acted on. This patch simply adds a similar test to the implicated
+debug statement.
+
+This patch is a candidate for any stable kernel being maintained
+since it addresses a potentially catastrophic event with
+minimal downside.
+
+Signed-off-by: Dr. Greg Wettstein
+Signed-off-by: Nicholas Bellinger
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/scsi/qla2xxx/qla_target.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/qla2xxx/qla_target.c
++++ b/drivers/scsi/qla2xxx/qla_target.c
+@@ -3339,7 +3339,8 @@ restart:
+ ql_dbg(ql_dbg_tgt_mgt, vha, 0xf02c,
+ "SRR cmd %p (se_cmd %p, tag %d, op %x), "
+ "sg_cnt=%d, offset=%d", cmd, &cmd->se_cmd, cmd->tag,
+- se_cmd->t_task_cdb[0], cmd->sg_cnt, cmd->offset);
++ se_cmd->t_task_cdb ? se_cmd->t_task_cdb[0] : 0,
++ cmd->sg_cnt, cmd->offset);
+
+ qlt_handle_srr(vha, sctio, imm);
+
diff --git a/queue-3.10/series b/queue-3.10/series
index 5d8b94fdeba..c8f16d87aa8 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -86,3 +86,4 @@ arm64-unwind-fix-pc-calculation.patch
 arm-tegra-only-run-pl310-init-on-systems-with-one.patch
 arm-7749-1-spinlock-retry-trylock-operation-if-strex-fails-on-free-lock.patch
 arm-7812-1-rwlocks-retry-trylock-operation-if-strex-fails-on-free-lock.patch
+qla2xxx-fix-kernel-panic-on-selective-retransmission-request.patch
-- 
2.47.3
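Review bot: In the queued qla_target.c hunk, the new argument `se_cmd->t_task_cdb ? se_cmd->t_task_cdb[0] : 0` makes a missing CDB print as `op 0`, which in the trace is indistinguishable from a real opcode 0x00 (TEST UNIT READY). Since the description says this path took down a storage target on an SRR, whoever reads these logs after a link event should be able to tell "no CDB" apart from a genuine command; a one-line comment above the `ql_dbg()` call would do, e.g. `/* t_task_cdb can be NULL here; op 0 then means "no CDB" */`. The description also states that two other SRR references already use the same ternary, but they are outside this hunk, so it is worth confirming that no further unguarded `t_task_cdb[0]` read remains on the SRR path. The enclosing function starts and ends outside the hunk (only the `restart:` label is visible).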