linux/drivers
Martin Peschke 82e0551186 SCSI: zfcp: only access zfcp_scsi_dev for valid scsi_device
commit d436de8ce2 upstream.

__scsi_remove_device (e.g. due to dev_loss_tmo) calls
zfcp_scsi_slave_destroy which in turn sends a close LUN FSF request to
the adapter. After 30 seconds without response,
zfcp_erp_timeout_handler kicks the ERP thread failing the close LUN
ERP action. zfcp_erp_wait in zfcp_erp_lun_shutdown_wait and thus
zfcp_scsi_slave_destroy returns and then scsi_device is no longer
valid. Sometime later the response to the close LUN FSF request may
finally come in. However, commit
b62a8d9b45
"[SCSI] zfcp: Use SCSI device data zfcp_scsi_dev instead of zfcp_unit"
introduced a number of attempts to unconditionally access struct
zfcp_scsi_dev through struct scsi_device causing a use-after-free.
This leads to an Oops due to kernel page fault in one of:
zfcp_fsf_abort_fcp_command_handler, zfcp_fsf_open_lun_handler,
zfcp_fsf_close_lun_handler, zfcp_fsf_req_trace,
zfcp_fsf_fcp_handler_common.

Move dereferencing of zfcp private data zfcp_scsi_dev allocated in
scsi_device via scsi_transport_reserve_device after the check for
potentially aborted FSF request and thus no longer valid scsi_device.
Only then assign sdev_to_zfcp(sdev) to the local auto variable struct
zfcp_scsi_dev *zfcp_sdev.

Signed-off-by: Martin Peschke <mpeschke@linux.vnet.ibm.com>
Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-10-13 05:38:47 +09:00
..
accessibility vt:tackle kbd_table 2012-03-08 10:50:35 -08:00
acpi ACPI: run _OSC after ACPI_FULL_INITIALIZATION 2012-10-13 05:38:37 +09:00
amba ARM: 7366/3: amba: Remove AMBA level regulator support 2012-04-13 14:04:08 +01:00
ata libata: Prevent interface errors with Seagate FreeAgent GoFlex 2012-10-02 10:30:35 -07:00
atm solos-pci: Fix DMA support 2012-06-10 00:36:08 +09:00
auxdisplay
base PM / Sleep: use resume event when call dpm_resume_early 2012-10-13 05:38:39 +09:00
bcma bcma: add ext PA workaround for BCM4331 and BCM43431 2012-06-17 11:21:26 -07:00
block aoe: assert AoE packets marked as requiring no checksum 2012-10-13 05:38:46 +09:00
bluetooth Bluetooth: Add support for Apple vendor-specific devices 2012-10-02 10:30:34 -07:00
cdrom powerpc: Remove some of the legacy iSeries specific device drivers 2012-03-16 09:28:05 +11:00
char TTY: ttyprintk, don't touch behind tty->write_buf 2012-10-07 08:32:24 -07:00
clk clk: Check parent for NULL in clk_change_rate 2012-07-19 08:58:59 -07:00
clocksource Revert "clocksource: Load the ACPI PM clocksource asynchronously" 2012-04-12 00:05:05 +02:00
connector
cpufreq cpufreq/powernow-k8: workqueue user shouldn't migrate the kworker to another CPU 2012-10-02 10:29:50 -07:00
cpuidle Merge branches 'idle-fix' and 'misc' into release 2012-04-06 21:48:59 -04:00
crypto crypto: mv_cesa requires on CRYPTO_HASH to build 2012-05-15 01:10:06 +00:00
dca
devfreq ARM: global cleanups 2012-03-27 16:03:32 -07:00
dio
dma drivers/dma/dmaengine.c: lower the priority of 'failed to get' dma channel message 2012-10-13 05:38:38 +09:00
edac edac: fix the error about memory type detection on SandyBridge 2012-06-22 11:37:15 -07:00
eisa
firewire Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
firmware firmware: Add missing attributes to EFI variable attribute print out from sysfs 2012-10-07 08:32:26 -07:00
gpio gpio-lpc32xx: Fix value handling of gpio_direction_output() 2012-10-02 10:30:48 -07:00
gpu drm/savage: re-add busmaster enable, regression fix 2012-10-13 05:38:46 +09:00
hid HID: Fix logitech-dj: missing Unifying device issue 2012-10-02 10:30:06 -07:00
hsi HSI: hsi_char: Remove max_data_size from sysfs 2012-04-23 14:23:32 +03:00
hv Tools: hv: Support enumeration from all the pools 2012-03-16 13:36:04 -07:00
hwmon hwmon: (ad7314) Add 'name' sysfs attribute 2012-10-02 10:30:06 -07:00
hwspinlock hwspinlock/core: use global ID to register hwspinlocks on multiple devices 2012-07-16 09:04:25 -07:00
i2c i2c-i801: Add Device IDs for Intel Lynx Point-LP PCH 2012-09-14 10:00:33 -07:00
ide Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
idle simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
ieee802154
infiniband IB/srp: Avoid having aborted requests hang 2012-10-07 08:32:29 -07:00
input Input: i8042 - disable mux on Toshiba C850D 2012-10-02 10:30:09 -07:00
iommu intel-iommu: Default to non-coherent for domains unattached to iommus 2012-10-13 05:38:37 +09:00
isdn isdnloop: fix and simplify isdnloop_init() 2012-10-02 10:29:35 -07:00
leds drivers/leds: correct __devexit annotations 2012-05-10 15:06:44 -07:00
lguest
macintosh Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
mca
md dm verity: fix overflow check 2012-10-07 08:32:22 -07:00
media media: gspca_pac7302: add support for device 1ae7:2001 Speedlink Snappy Microphone SL-6825-SBK 2012-10-13 05:38:37 +09:00
memstick memstick: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:19 +08:00
message Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
mfd mfd: max8925: Move _IO resources out of ioport_ioresource 2012-10-13 05:38:38 +09:00
misc drivers/misc/sgi-xp/xpc_uv.c: SGI XPC fails to load when cpu 0 is out of IRQ resources 2012-10-02 10:30:22 -07:00
mmc mmc: card: Skip secure erase on MoviNAND; causes unrecoverable corruption. 2012-10-02 10:29:54 -07:00
mtd UBI: fix autoresize handling in R/O mode 2012-10-07 08:32:28 -07:00
net pppoe: drop PPPOX_ZOMBIEs in pppoe_release 2012-10-13 05:38:44 +09:00
nfc
nubus Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
of gpio: Fix range check in of_gpio_simple_xlate() 2012-04-10 14:20:56 -06:00
oprofile oprofile: perf: use NR_CPUS instead or nr_cpumask_bits for static array 2012-07-16 09:04:21 -07:00
parisc parisc: move definition of PAGE0 to asm/page.h 2012-05-10 15:12:08 -07:00
parport
pci PCI: acpiphp: check whether _ADR evaluation succeeded 2012-10-13 05:38:38 +09:00
pcmcia Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia 2012-03-29 16:00:48 -07:00
pinctrl pinctrl: implement pinctrl_check_ops 2012-04-11 09:31:02 +02:00
platform asus-nb-wmi: add some video toggle keys 2012-10-02 10:30:23 -07:00
pnp Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-03-30 16:45:39 -07:00
power Various small bugfixes and enhancements, plus two new drivers: 2012-03-30 16:09:02 -07:00
pps
ps3
ptp ptp_pch: Add missing #include <linux/slab.h> 2012-05-16 14:44:44 -04:00
rapidio rapidio/tsi721: fix unused variable compiler warning 2012-09-14 10:00:20 -07:00
regulator regulator: twl-regulator: fix up VINTANA1/VINTANA2 2012-09-14 10:00:21 -07:00
remoteproc remoteproc: fix a potential NULL-dereference on cleanup 2012-10-07 08:32:28 -07:00
rpmsg rpmsg: fix dependency on initialization order 2012-07-19 08:58:57 -07:00
rtc drivers/rtc/rtc-rs5c348.c: fix hour decoding in 12-hour mode 2012-10-02 10:30:21 -07:00
s390 SCSI: zfcp: only access zfcp_scsi_dev for valid scsi_device 2012-10-13 05:38:47 +09:00
sbus Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
scsi drivers/scsi/atp870u.c: fix bad use of udelay 2012-10-13 05:38:38 +09:00
sfi
sh SuperH updates for 3.4 merge window 2012-03-30 00:09:17 -07:00
sn
spi spi/pl022: disable port when unused 2012-08-09 08:31:38 -07:00
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
staging staging: comedi: fix memory leak for saved channel list 2012-10-07 08:32:24 -07:00
target target: Fix ->data_length re-assignment bug with SCSI overflow 2012-10-02 10:29:51 -07:00
tc
thermal thermal: Fix for setting the thermal zone mode to enable/disable 2012-03-22 01:10:18 -04:00
tty n_gsm: memory leak in uplink error path 2012-10-07 08:32:27 -07:00
uio
usb Increase XHCI suspend timeout to 16ms 2012-10-07 08:32:27 -07:00
uwb uwb: fix error handling 2012-04-18 13:15:51 -07:00
vhost vhost-net: fix handle_rx buffer size 2012-05-11 18:16:57 -04:00
video fbcon: fix race condition between console lock and cursor timer (v1.1) 2012-10-02 10:30:22 -07:00
virt
virtio virtio: balloon: let host know of updated balloon size before module removal 2012-05-17 12:14:34 +03:00
vlynq
w1 DS2781 Maxim Stand-Alone Fuel Gauge battery and w1 slave drivers 2012-03-08 11:15:33 -08:00
watchdog hpwdt: Fix kdump issue in hpwdt 2012-10-02 10:30:08 -07:00
xen xen/m2p: do not reuse kmap_op->dev_bus_addr 2012-10-02 10:30:06 -07:00
zorro
Kconfig Merge branch 'for-next' of git://gitorious.org/kernel-hsi/kernel-hsi 2012-04-02 09:50:40 -07:00
Makefile Merge branch 'for-next' of git://gitorious.org/kernel-hsi/kernel-hsi 2012-04-02 09:50:40 -07:00