iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77618db346
linux/drivers/scsi/qla2xxx
History
Quinn Tran 097c06394c scsi: qla2xxx: Fix double free of dsd_list during driver load 
On driver load, scsi_add_host() can fail. This triggers the free path to
call qla2x00_mem_free() multiple times. This causes NULL pointer access of
ha->base_qpair. Add check before access.

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
 IP: [<ffffffffc118f73c>] qla2x00_mem_free+0x51c/0xcb0 [qla2xxx]
 PGD 8000001fcfe4a067 PUD 1fc8f0a067 PMD 0
 Oops: 0000 [#1] SMP
 RIP: 0010:[<ffffffffc118f73c>]  [<ffffffffc118f73c>] qla2x00_mem_free+0x51c/0xcb0 [qla2xxx]
 RSP: 0018:ffff8ace97a93a30  EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ffff8ace8efd0000 RCX: 000000000000488f
 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
 RBP: ffff8ace97a93a60 R08: 000000000001f040 R09: ffffffff8678209b
 R10: ffff8acf7d6df040 R11: ffffc591c0fcc980 R12: ffffffff87034800
 R13: ffff8acf0e3cc740 R14: ffff8ace8efd0000 R15: 00000000fffffff4
 FS:  00007f4cf5449740(0000) GS:ffff8acf7d6c0000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000030 CR3: 0000001fc2f6c000 CR4: 00000000007607e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Call Trace:
  [<ffffffff86781f18>] ? kobject_put+0x28/0x60
  [<ffffffffc119a59c>] qla2x00_probe_one+0x19fc/0x3040 [qla2xxx]

Fixes: efeda3bf91 ("scsi: qla2xxx: Move resource to allow code reuse")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20231016101749.5059-1-njavali@marvell.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2023-10-16 21:07:05 -04:00
..
Kconfig scsi: Add HAS_IOPORT dependencies 2023-05-31 19:59:26 -04:00
Makefile
qla_attr.c scsi: qla2xxx: Remove unsupported ql2xenabledif option 2023-08-21 17:45:15 -04:00
qla_bsg.c scsi: qla2xxx: Pointer may be dereferenced 2023-06-14 22:06:02 -04:00
qla_bsg.h scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status 2022-09-01 00:30:55 -04:00
qla_dbg.c scsi: qla2xxx: Remove unsupported ql2xenabledif option 2023-08-21 17:45:15 -04:00
qla_dbg.h scsi: qla2xxx: Add Unsolicited LS Request and Response Support for NVMe 2023-08-21 17:45:14 -04:00
qla_def.h Merge branch '6.5/scsi-fixes' into 6.6/scsi-staging 2023-08-30 20:56:24 -04:00
qla_devtbl.h
qla_dfs.c scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() 2023-09-05 05:50:36 -04:00
qla_dsd.h
qla_edif_bsg.h scsi: qla2xxx: edif: Fix clang warning 2023-01-11 23:48:26 -05:00
qla_edif.c scsi: qla2xxx: Avoid fcport pointer dereference 2023-06-14 22:06:01 -04:00
qla_edif.h scsi: qla2xxx: Relocate/rename vp map 2023-01-11 23:48:25 -05:00
qla_fw.h scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status 2022-09-01 00:30:55 -04:00
qla_gbl.h Merge patch series "qla2xxx driver misc features" 2023-08-25 17:07:34 -04:00
qla_gs.c scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper 2023-06-07 21:27:28 -04:00
qla_init.c Merge branch '6.5/scsi-fixes' into 6.6/scsi-staging 2023-08-30 20:56:24 -04:00
qla_inline.h scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() 2023-09-05 05:36:08 -04:00
qla_iocb.c Merge branch '6.5/scsi-fixes' into 6.6/scsi-staging 2023-08-30 20:56:24 -04:00
qla_isr.c scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() 2023-09-05 05:36:08 -04:00
qla_mbx.c scsi: qla2xxx: Flush mailbox commands on chip reset 2023-08-21 17:45:14 -04:00
qla_mid.c scsi: qla2xxx: Declare SCSI host template const 2023-03-24 19:19:59 -04:00
qla_mr.c scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() 2023-05-16 21:41:34 -04:00
qla_mr.h
qla_nvme.c scsi: qla2xxx: Correct endianness for rqstlen and rsplen 2023-09-05 05:34:14 -04:00
qla_nvme.h scsi: qla2xxx: Add Unsolicited LS Request and Response Support for NVMe 2023-08-21 17:45:14 -04:00
qla_nx2.c scsi: qla2xxx: Use named initializers for q_dev_state 2022-02-22 21:11:07 -05:00
qla_nx2.h
qla_nx.c scsi: qla2xxx: Use named initializers for q_dev_state 2022-02-22 21:11:07 -05:00
qla_nx.h scsi: qla2xxx: Allow 32-byte CDBs 2023-08-21 17:37:42 -04:00
qla_os.c scsi: qla2xxx: Fix double free of dsd_list during driver load 2023-10-16 21:07:05 -04:00
qla_settings.h
qla_sup.c scsi: qla2xxx: Add devids and conditionals for 28xx 2022-01-24 23:57:32 -05:00
qla_target.c scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() 2023-09-05 05:36:08 -04:00
qla_target.h scsi: qla2xxx: Relocate/rename vp map 2023-01-11 23:48:25 -05:00
qla_tmpl.c scsi: qla2xxx: Fix premature hw access after PCI error 2022-01-24 23:57:30 -05:00
qla_tmpl.h
qla_version.h scsi: qla2xxx: Update version to 10.02.09.100-k 2023-08-21 17:45:15 -04:00
tcm_qla2xxx.c scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() 2023-09-05 05:36:08 -04:00
tcm_qla2xxx.h