From: Arun Easi aeasi@marvell.com
stable inclusion from linux-4.19.207 commit c5ab9b67d8b061de74e2ca51bf787ee599bd7f89 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4AFG0?from=project-issue CVE: NA
-------------------------------------------------
RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_directly+0x128/0x1d0 blk_mq_request_issue_directly+0x4e/0xb0
Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now allocated by upper layers. This fixes smatch warning of srb unintended free.
Link: https://lore.kernel.org/r/20210329085229.4367-7-njavali@marvell.com Fixes: af2a0c51b120 ("scsi: qla2xxx: Fix SRB leak on switch command timeout") Cc: stable@vger.kernel.org # 5.5 Reported-by: Laurence Oberman loberman@redhat.com Reported-by: Dan Carpenter dan.carpenter@oracle.com Reported-by: magicyan2022 Reviewed-by: Himanshu Madhani himanshu.madhani@oracle.com Signed-off-by: Arun Easi aeasi@marvell.com Signed-off-by: Nilesh Javali njavali@marvell.com Signed-off-by: Martin K. Petersen martin.petersen@oracle.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: yin-xiujiang yinxiujiang@kylinos.cn --- drivers/scsi/qla2xxx/qla_os.c | 7 ------- 1 file changed, 7 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index bfbf213b15c0..8e9d386146ac 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1028,8 +1028,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd, if (rval != QLA_SUCCESS) { ql_dbg(ql_dbg_io + ql_dbg_verbose, vha, 0x3078, "Start scsi failed rval=%d for cmd=%p.\n", rval, cmd); - if (rval == QLA_INTERFACE_ERROR) - goto qc24_free_sp_fail_command; goto qc24_host_busy_free_sp; }
@@ -1044,11 +1042,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd, qc24_target_busy: return SCSI_MLQUEUE_TARGET_BUSY;
-qc24_free_sp_fail_command: - sp->free(sp); - CMD_SP(cmd) = NULL; - qla2xxx_rel_qpair_sp(sp->qpair, sp); - qc24_fail_command: cmd->scsi_done(cmd);
Good catch, thanks for your patch.
Reviewed-by: Xie XiuQi xiexiuqi@huawei.com
On 2021/9/24 11:16, yinxiujiang wrote:
From: Arun Easi aeasi@marvell.com
stable inclusion from linux-4.19.207 commit c5ab9b67d8b061de74e2ca51bf787ee599bd7f89 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4AFG0?from=project-issue CVE: NA
RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_directly+0x128/0x1d0 blk_mq_request_issue_directly+0x4e/0xb0Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now allocated by upper layers. This fixes smatch warning of srb unintended free.
Link: https://lore.kernel.org/r/20210329085229.4367-7-njavali@marvell.com Fixes: af2a0c51b120 ("scsi: qla2xxx: Fix SRB leak on switch command timeout") Cc: stable@vger.kernel.org # 5.5 Reported-by: Laurence Oberman loberman@redhat.com Reported-by: Dan Carpenter dan.carpenter@oracle.com Reported-by: magicyan2022 Reviewed-by: Himanshu Madhani himanshu.madhani@oracle.com Signed-off-by: Arun Easi aeasi@marvell.com Signed-off-by: Nilesh Javali njavali@marvell.com Signed-off-by: Martin K. Petersen martin.petersen@oracle.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: yin-xiujiang yinxiujiang@kylinos.cn
drivers/scsi/qla2xxx/qla_os.c | 7 ------- 1 file changed, 7 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index bfbf213b15c0..8e9d386146ac 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1028,8 +1028,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd, if (rval != QLA_SUCCESS) { ql_dbg(ql_dbg_io + ql_dbg_verbose, vha, 0x3078, "Start scsi failed rval=%d for cmd=%p.\n", rval, cmd);
if (rval == QLA_INTERFACE_ERROR)goto qc24_free_sp_fail_command;@@ -1044,11 +1042,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd, qc24_target_busy: return SCSI_MLQUEUE_TARGET_BUSY;
-qc24_free_sp_fail_command:
- sp->free(sp);
- CMD_SP(cmd) = NULL;
- qla2xxx_rel_qpair_sp(sp->qpair, sp);
qc24_fail_command: cmd->scsi_done(cmd);
Hi,尹秀江。
您好。
首先非常感谢您参与 openEuler kernel 开发。
您的 PATCH 已经合入 openEuler-20.03,对应 commit 号如下:
openEuler-1.0-LTS 208fe7f7a8cf5b24a5416580cd9770b93d52f1ff
该问题已经提交 issue
https://gitee.com/openeuler/kernel/issues/I4AFG0
如果您有什么信息要同步的,可以在 issue 里面更新, 或者联系 @成坚(gatieme)
最后
再次感谢您参与 openEuler,社区有您更精彩。
-- 谢谢
成坚(gatieme)
在 2021/9/24 11:16, yinxiujiang 写道:
From: Arun Easi aeasi@marvell.com
stable inclusion from linux-4.19.207 commit c5ab9b67d8b061de74e2ca51bf787ee599bd7f89 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4AFG0?from=project-issue CVE: NA
RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_directly+0x128/0x1d0 blk_mq_request_issue_directly+0x4e/0xb0Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now allocated by upper layers. This fixes smatch warning of srb unintended free.
Link: https://lore.kernel.org/r/20210329085229.4367-7-njavali@marvell.com Fixes: af2a0c51b120 ("scsi: qla2xxx: Fix SRB leak on switch command timeout") Cc: stable@vger.kernel.org # 5.5 Reported-by: Laurence Oberman loberman@redhat.com Reported-by: Dan Carpenter dan.carpenter@oracle.com Reported-by: magicyan2022 Reviewed-by: Himanshu Madhani himanshu.madhani@oracle.com Signed-off-by: Arun Easi aeasi@marvell.com Signed-off-by: Nilesh Javali njavali@marvell.com Signed-off-by: Martin K. Petersen martin.petersen@oracle.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: yin-xiujiang yinxiujiang@kylinos.cn
-
chengjian (D) -
Xie XiuQi -
yinxiujiang