linux/drivers
Nicholas Bellinger 0a020436d8 loopback: Prevent uninitialized use of tl_tpg in tcm_loop_queuecommand
This patch fixes a bug with tcm_loop where performing a scsi_host rescan was
causing an oops due to a received scsi_cmnd->device->id value not matching a
previously configured tcm_loop_tpg entry in tcm_loop_hba->tl_hba_tpgs[]
obtained from within tcm_loop_queuecommand() code.

This fix adds an explicit check for tcm_loop_tpg->tl_hba in order to ensure
tcm_loop_make_naa_tpg() has already been invoked to initialize a given
tcm_loop_tpg entry, and also adds an explicit clear of tcm_loop_tpg->tl_hba
from within the tcm_loop_drop_naa_tpg() release path.

This bug was manifesting itself with the following OOPs:

[176289.430909] BUG: unable to handle kernel NULL pointer dereference at 0000000000000090
[176289.431337] IP: [<ffffffffa0395617>] transport_processing_thread+0x1e3/0x794 [target_core_mod]
[176289.431399] PGD 22e9b067 PUD 23375067 PMD 0
[176289.431399] Oops: 0000 [#1] SMP
[176289.431815] CPU 1
[176289.431815] Modules linked in: tcm_loop target_core_stgt target_core_pscsi target_core_file target_core_iblock target_core_mod crc32c ib_cm ib_sa ib_mad ib_core qla2xxx scsi_tgt configfs fcoe libfcoe libfc scsi_transport_fc ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi sr_mod cdrom sd_mod ata_piix libata e1000 mptspi mptscsih mptbase [last unloaded: target_core_mod]
[176289.431815]
[176289.431815] Pid: 12339, comm: LIO_iblock Tainted: G        W   3.1.0-rc8+
[176289.431815] RIP: 0010:[<ffffffffa0395617>]  [<ffffffffa0395617>] transport_processing_thread+0x1e3/0x794 [target_core_mod]
[176289.431815] RSP: 0018:ffff880023bfbe10  EFLAGS: 00010283
[176289.431815] RAX: 0000000000000000 RBX: ffff88002d600040 RCX: ffff88002d600108
[176289.431815] RDX: ffff88000c9e50bc RSI: 0000000000000246 RDI: 0000000000000246
[176289.431815] RBP: ffff880023bfbee0 R08: ffff88002d600108 R09: 0000000000000000
[176289.431815] R10: ffff88002fc8cc80 R11: ffffffff81671b60 R12: ffff88002d600108
[176289.431815] R13: ffff88000c9e4f38 R14: ffff88000c9e50b8 R15: 0000000000000000
[176289.431815] FS:  0000000000000000(0000) GS:ffff88002fc80000(0000) knlGS:0000000000000000
[176289.431815] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[176289.431815] CR2: 0000000000000090 CR3: 000000002a33f000 CR4: 00000000000006e0
[176289.431815] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[176289.431815] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[176289.431815] Process LIO_iblock (pid: 12339, threadinfo ffff880023bfa000, task ffff88002a2e0000)
[176289.431815] Stack:
[176289.431815]  0000000000011280 0000000000000246 ffff88002a2e0000 ffff880023a58900
[176289.431815]  ffff880023bfbed0 ffff880023bfa000 ffff880023bfa000 ffff88000c9e50d0
[176289.431815]  ffff88000c9e50c0 ffff88000c9e50bc ffff880023bfa000 ffff880023bfbfd8
[176289.431815] Call Trace:
[176289.431815]  [<ffffffff81056657>] ? wake_up_bit+0x25/0x25
[176289.431815]  [<ffffffffa0395434>] ? transport_handle_cdb_direct+0x92/0x92 [target_core_mod]
[176289.431815]  [<ffffffff8105619a>] kthread+0x7d/0x85
[176289.431815]  [<ffffffff813cbcb4>] kernel_thread_helper+0x4/0x10
[176289.431815]  [<ffffffff8105611d>] ? kthread_worker_fn+0x16d/0x16d
[176289.431815]  [<ffffffff813cbcb0>] ? gs_change+0x13/0x13
[176289.431815] Code: 67 05 00 00 41 8b 84 24 4c ff ff ff ff c8 83 f8 11 0f 87 f0 04 00 00 89 c0 ff 24 c5 b0 c6 39 a0 0f 0b eb fe 48 8b 83 d8 00 00 00
[176289.431815] RIP  [<ffffffffa0395617>] transport_processing_thread+0x1e3/0x794 [target_core_mod]
[176289.431815]  RSP <ffff880023bfbe10>
[176289.431815] CR2: 0000000000000090
[176295.041004] ---[ end trace 85dc6865b23b8f3e ]---

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2011-10-24 03:21:01 +00:00
..
accessibility
acpi Merge branches 'apei', 'bz-13195' and 'doc' into acpi 2011-09-12 20:00:00 -04:00
amba
ata drivers/ata/sata_dwc_460ex.c: add missing kfree 2011-08-18 23:58:11 -04:00
atm
auxdisplay
base PM / Clocks: Do not acquire a mutex under a spinlock 2011-09-26 19:40:23 +02:00
bcma bcma: add uevent to the bus, to autoload drivers 2011-08-22 14:21:41 -04:00
block floppy: use del_timer_sync() in init cleanup 2011-09-21 10:22:11 +02:00
bluetooth Bluetooth: add support for 2011 mac mini 2011-09-17 17:16:03 -03:00
cdrom drivers/cdrom/cdrom.c: relax check on dvd manufacturer value 2011-08-02 12:43:50 +02:00
char TPM: Zero buffer after copying to userspace 2011-09-23 09:46:41 +10:00
clk
clocksource Merge branch 'common/core' into sh-latest 2011-08-08 16:33:54 +09:00
connector proc_fork_connector: a lockless ->real_parent usage is not safe 2011-07-28 18:26:32 -07:00
cpufreq drivers/cpufreq/pcc-cpufreq.c: avoid NULL pointer dereference 2011-09-14 18:09:38 -07:00
cpuidle cpuidle: stop depending on pm_idle 2011-08-03 19:06:37 -04:00
crypto n2_crypto: Attach on Niagara-T3. 2011-07-28 01:30:07 -07:00
dca
dio
dma dmaengine/ste_dma40: fix memory leak due to prepared descriptors 2011-09-05 17:08:26 +05:30
edac i7core_edac: fixed typo in error count calculation 2011-08-18 14:07:15 -07:00
eisa eisa/pci_eisa.c: fix BUG introduced by 005bdad7b8 2011-08-04 06:32:51 -10:00
firewire firewire: ohci: add no MSI quirk for O2Micro controller 2011-09-16 22:22:10 +02:00
firmware firmware: fix google/gsmi.c build warning 2011-08-08 13:53:49 -07:00
gpio drivers/gpio/gpio-generic.c: fix build errors 2011-09-14 18:09:38 -07:00
gpu drm/radeon/kms: use hardcoded dig encoder to transmitter mapping for DCE4.1 2011-10-06 11:45:30 +01:00
hid Merge branch 'for-linus' of git://github.com/dtor/input 2011-09-16 14:09:19 -07:00
hwmon hwmon: (coretemp) Avoid leaving around dangling pointer 2011-09-28 08:19:21 -07:00
hwspinlock
i2c i2c-tegra: fix possible race condition after tx 2011-09-07 00:13:40 +01:00
ide ide-disk: Fix request requeuing 2011-10-03 14:28:18 -04:00
idle
ieee802154
infiniband [SCSI] cxgb3i: convert cdev->l2opt to use rcu to prevent NULL dereference 2011-09-26 09:28:01 -05:00
input Merge branch 'for-linus' of git://github.com/dtor/input 2011-10-05 09:22:38 -07:00
iommu x86, iommu: Mark DMAR IRQ as non-threaded 2011-09-13 23:44:53 +02:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-07-28 05:58:19 -07:00
leds drivers/leds/ledtrig-timer.c: fix broken sysfs delay handling 2011-09-14 18:09:38 -07:00
lguest
macintosh
mca
md Merge branch 'for-linus' of http://people.redhat.com/agk/git/linux-dm 2011-10-06 08:31:47 -07:00
media [media] omap3isp: Fix build error in ispccdc.c 2011-09-21 22:18:26 -03:00
memstick
message Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2011-07-30 08:36:02 -10:00
mfd mfd: Fix generic irq chip ack function name for jz4740-adc 2011-09-21 13:06:34 +02:00
misc lis3: fix regression of HP DriveGuard with 8bit chip 2011-10-03 20:51:51 -07:00
mmc Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2011-09-21 13:20:21 -07:00
mtd UBI: do not link debug messages when debugging is disabled 2011-08-19 19:02:27 +03:00
net macvlan/macvtap: Fix unicast between macvtap interfaces in bridge mode 2011-10-04 23:31:23 -04:00
nfc
nubus
of Revert "dt: add of_alias_scan and of_alias_get_id" 2011-08-04 11:26:24 +01:00
oprofile
parisc
parport
pci PCI: Disable MPS configuration by default 2011-10-04 09:52:28 -07:00
pcmcia Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6 2011-07-31 06:23:08 -10:00
platform acer-wmi: support Lenovo ideapad S205 wifi switch 2011-08-05 15:21:52 -04:00
pnp
power s3c-adc-battery: Fix compilation error due to missing header (module.h) 2011-08-19 21:01:46 +04:00
pps
ps3
ptp
rapidio rapidio: fix use of non-compatible registers 2011-08-25 16:25:34 -07:00
regulator Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6 2011-08-01 14:05:46 -10:00
rtc drivers/rtc/rtc-s3c.c: fix no occurrence of alarm interrupt 2011-09-14 18:09:38 -07:00
s390 [S390] cio: fix cio_tpi ignoring adapter interrupts 2011-09-26 16:40:50 +02:00
sbus
scsi [SCSI] libsas: fix panic when single phy is disabled on a wide port 2011-10-02 13:28:55 -05:00
sfi
sh Merge branch 'common/core' into sh-latest 2011-08-08 16:33:54 +09:00
sn
spi spi-topcliff-pch: Fix overrun issue 2011-10-04 10:10:50 -06:00
ssb
staging Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus 2011-10-10 14:39:03 +12:00
target loopback: Prevent uninitialized use of tl_tpg in tcm_loop_queuecommand 2011-10-24 03:21:01 +00:00
tc
telephony
thermal thermal: make THERMAL_HWMON implementation fully internal 2011-08-02 14:51:57 -04:00
tty Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus 2011-10-10 14:39:03 +12:00
uio
usb USB: xHCI: prevent infinite loop when processing MSE event 2011-09-19 17:15:47 -07:00
uwb
vhost
video backlight: Declare backlight_types[] const 2011-09-10 14:00:02 -07:00
virt
virtio
vlynq
w1 MAINTAINERS: Evgeniy has moved 2011-08-25 16:25:33 -07:00
watchdog watchdog: Initconst section fixes for watchdog 2011-09-20 14:32:00 +02:00
xen xen/irq: Alter the locking to use a mutex instead of a spinlock. 2011-09-15 04:32:02 -04:00
zorro zorro: Defer device_register() until all devices have been identified 2011-09-22 12:59:35 -07:00
Kconfig
Makefile