github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 23:53:52 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
79efb02c7d
linux/drivers/target
History
Bodo Stroesser b5cd5c1e70 scsi: target: tcmu: Fix crash on ARM during cmd completion 
[ Upstream commit 5a0c256d96 ]

If tcmu_handle_completions() has to process a padding shorter than
sizeof(struct tcmu_cmd_entry), the current call to
tcmu_flush_dcache_range() with sizeof(struct tcmu_cmd_entry) as length
param is wrong and causes crashes on e.g. ARM, because
tcmu_flush_dcache_range() in this case calls
flush_dcache_page(vmalloc_to_page(start)); with start being an invalid
address above the end of the vmalloc'ed area.

The fix is to use the minimum of remaining ring space and sizeof(struct
tcmu_cmd_entry) as the length param.

The patch was tested on kernel 4.19.118.

See https://bugzilla.kernel.org/show_bug.cgi?id=208045#c10

Link: https://lore.kernel.org/r/20200629093756.8947-1-bstroesser@ts.fujitsu.com
Tested-by: JiangYu <lnsyyj@hotmail.com>
Acked-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-09-03 11:24:19 +02:00
..
iscsi scsi: target: fix hang when multiple threads try to destroy the same iscsi session 2020-04-21 09:03:11 +02:00
loopback
sbp
tcm_fc
Kconfig
Makefile
target_core_alua.c
target_core_alua.h
target_core_configfs.c
target_core_device.c scsi: target/core: Fix a race condition in the LUN lookup code 2020-01-27 14:50:38 +01:00
target_core_fabric_configfs.c
target_core_fabric_lib.c scsi: target: fix PR IN / READ FULL STATUS for FC 2020-05-02 17:25:56 +02:00
target_core_file.c
target_core_file.h
target_core_hba.c
target_core_iblock.c scsi: target/iblock: fix WRITE SAME zeroing 2020-05-06 08:13:31 +02:00
target_core_iblock.h scsi: target/core: Use the SECTOR_SHIFT constant 2019-09-16 08:22:16 +02:00
target_core_internal.h
target_core_pr.c
target_core_pr.h
target_core_pscsi.c
target_core_pscsi.h
target_core_rd.c
target_core_rd.h
target_core_sbc.c
target_core_spc.c scsi: target: use consistent left-aligned ASCII INQUIRY data 2019-01-26 09:32:38 +01:00
target_core_stat.c
target_core_tmr.c
target_core_tpg.c
target_core_transport.c scsi: target/core: Use kmem_cache_free() instead of kfree() 2019-02-23 09:07:26 +01:00
target_core_ua.c
target_core_ua.h
target_core_user.c scsi: target: tcmu: Fix crash on ARM during cmd completion 2020-09-03 11:24:19 +02:00
target_core_xcopy.c scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long enough 2019-01-26 09:32:38 +01:00
target_core_xcopy.h