iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8e9a3250dc
linux/drivers/scsi/lpfc
History
James Smart 8e9a3250dc scsi: lpfc: Fix use after free in lpfc_els_free_iocb 
There are several code paths where the following sequence occurs:

 - An ndlp pointer is assigned to an iocb via a nlp_get()

 - An attempt is made to issue the iocb, but it fails

 - The failure case does a put on the ndlp then calls lpfc_els_free_iocb()

The put may free the ndlp structure, but the els_free_iocb may reference
the now-stale ndlp pointer and cause a crash.

Fix by ensuring that the lpfc_els_free_iocb() occurs before the
lpfc_nlp_put().

While fixing, refactor the code to better ensure this calling sequence.

Link: https://lore.kernel.org/r/20210301171821.3427-11-jsmart2021@gmail.com
Co-developed-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-03-04 17:37:04 -05:00
..
lpfc_attr.c scsi: lpfc: Implement health checking when aborting I/O 2021-01-07 23:02:37 -05:00
lpfc_attr.h
lpfc_bsg.c scsi: lpfc: Simplify bool comparison 2021-01-13 00:28:22 -05:00
lpfc_bsg.h scsi: lpfc: Allow applications to issue Common Set Features mailbox command 2020-07-02 23:06:40 -04:00
lpfc_compat.h
lpfc_crtn.h scsi: lpfc: Implement health checking when aborting I/O 2021-01-07 23:02:37 -05:00
lpfc_ct.c scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() 2020-11-19 22:19:41 -05:00
lpfc_debugfs.c scsi: lpfc: Update changed file copyrights for 2020 2020-11-17 00:43:56 -05:00
lpfc_debugfs.h scsi: lpfc: Make debugfs ktime stats generic for NVME and SCSI 2020-03-29 18:10:58 -04:00
lpfc_disc.h scsi: lpfc: Fix stale node accesses on stale RRQ request 2021-03-04 17:37:04 -05:00
lpfc_els.c scsi: lpfc: Fix use after free in lpfc_els_free_iocb 2021-03-04 17:37:04 -05:00
lpfc_hbadisc.c scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() 2021-03-04 17:37:03 -05:00
lpfc_hw4.h scsi: lpfc: Update changed file copyrights for 2020 2020-11-17 00:43:56 -05:00
lpfc_hw.h scsi: lpfc: Reject CT request for MIB commands 2020-10-26 21:42:39 -04:00
lpfc_ids.h
lpfc_init.c scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability 2021-01-07 23:02:37 -05:00
lpfc_logmsg.h scsi: lpfc: Add an internal trace log buffer 2020-07-02 23:06:49 -04:00
lpfc_mbox.c scsi: lpfc: Fix kerneldoc inconsistency in lpfc_sli4_dump_page_a0() 2021-01-22 22:01:57 -05:00
lpfc_mem.c scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() 2020-10-26 21:42:38 -04:00
lpfc_nl.h
lpfc_nportdisc.c scsi: lpfc: Fix pt2pt connection does not recover after LOGO 2021-03-04 17:37:04 -05:00
lpfc_nvme.c SCSI misc on 20210219 2021-02-22 10:24:58 -08:00
lpfc_nvme.h scsi: lpfc: Update changed file copyrights for 2020 2020-11-17 00:43:56 -05:00
lpfc_nvmet.c scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe 2021-03-04 17:37:03 -05:00
lpfc_scsi.c scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf 2021-03-04 17:37:04 -05:00
lpfc_scsi.h
lpfc_sli4.h scsi: lpfc: Add FDMI Vendor MIB support 2020-10-26 21:42:39 -04:00
lpfc_sli.c scsi: lpfc: Fix stale node accesses on stale RRQ request 2021-03-04 17:37:04 -05:00
lpfc_sli.h scsi: lpfc: Update changed file copyrights for 2020 2020-11-17 00:43:56 -05:00
lpfc_version.h scsi: lpfc: Update lpfc version to 12.8.0.7 2021-01-07 23:02:37 -05:00
lpfc_vport.c scsi: lpfc: Fix vport create logging 2021-01-07 23:02:36 -05:00
lpfc_vport.h
lpfc.h scsi: lpfc: Implement health checking when aborting I/O 2021-01-07 23:02:37 -05:00
Makefile