p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
linux_old1/drivers
History
Neil Horman e48f129c2f [SCSI] cxgb3i: convert cdev->l2opt to use rcu to prevent NULL dereference 
This oops was reported recently:
d:mon> e
cpu 0xd: Vector: 300 (Data Access) at [c0000000fd4c7120]
    pc: d00000000076f194: .t3_l2t_get+0x44/0x524 [cxgb3]
    lr: d000000000b02108: .init_act_open+0x150/0x3d4 [cxgb3i]
    sp: c0000000fd4c73a0
   msr: 8000000000009032
   dar: 0
 dsisr: 40000000
  current = 0xc0000000fd640d40
  paca    = 0xc00000000054ff80
    pid   = 5085, comm = iscsid
d:mon> t
[c0000000fd4c7450] d000000000b02108 .init_act_open+0x150/0x3d4 [cxgb3i]
[c0000000fd4c7500] d000000000e45378 .cxgbi_ep_connect+0x784/0x8e8 [libcxgbi]
[c0000000fd4c7650] d000000000db33f0 .iscsi_if_rx+0x71c/0xb18
[scsi_transport_iscsi2]
[c0000000fd4c7740] c000000000370c9c .netlink_data_ready+0x40/0xa4
[c0000000fd4c77c0] c00000000036f010 .netlink_sendskb+0x4c/0x9c
[c0000000fd4c7850] c000000000370c18 .netlink_sendmsg+0x358/0x39c
[c0000000fd4c7950] c00000000033be24 .sock_sendmsg+0x114/0x1b8
[c0000000fd4c7b50] c00000000033d208 .sys_sendmsg+0x218/0x2ac
[c0000000fd4c7d70] c00000000033f55c .sys_socketcall+0x228/0x27c
[c0000000fd4c7e30] c0000000000086a4 syscall_exit+0x0/0x40
--- Exception: c01 (System Call) at 00000080da560cfc

The root cause was an EEH error, which sent us down the offload_close path in
the cxgb3 driver, which in turn sets cdev->l2opt to NULL, without regard for
upper layer driver (like the cxgbi drivers) which might have execution contexts
in the middle of its use. The result is the oops above, when t3_l2t_get attempts
to dereference L2DATA(cdev)->nentries in arp_hash right after the EEH error handler sets it to NULL.

The fix is to prevent the setting of the NULL pointer until after there are no
further users of it.  The t3cdev->l2opt pointer is now converted to be an rcu
pointer and the L2DATA macro is now called under the protection of the
rcu_read_lock().  When the EEH error path:
t3_adapter_error->offload_close->cxgb3_offload_deactivate
Is exectured, setting of that l2opt pointer to NULL, is now gated on an rcu
quiescence point, preventing, allowing L2DATA callers to safely check for a NULL
pointer without concern that the underlying data will be freeded before the
pointer is dereferenced.

This has been tested by the reporter and shown to fix the reproted oops

[nhorman: fix up unitinialised variable reported by Dan Carpenter]
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reviewed-by: Karen Xie <kxie@chelsio.com>
Cc: stable@kernel.org
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
 		2011-09-26 09:28:01 -05:00
..
accessibility
acpi Merge branches 'apei', 'bz-13195' and 'doc' into acpi 2011-09-12 20:00:00 -04:00
amba
ata drivers/ata/sata_dwc_460ex.c: add missing kfree 2011-08-18 23:58:11 -04:00
atm atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
auxdisplay
base Merge branch 'for-linus' of git://opensource.wolfsonmicro.com/regmap 2011-09-08 16:47:52 -07:00
bcma bcma: add uevent to the bus, to autoload drivers 2011-08-22 14:21:41 -04:00
block floppy: use del_timer_sync() in init cleanup 2011-09-21 10:22:11 +02:00
bluetooth Bluetooth: add support for 2011 mac mini 2011-09-17 17:16:03 -03:00
cdrom drivers/cdrom/cdrom.c: relax check on dvd manufacturer value 2011-08-02 12:43:50 +02:00
char drivers/char/msm_smd_pkt.c: don't use IS_ERR() 2011-08-25 16:25:33 -07:00
clk
clocksource Merge branch 'common/core' into sh-latest 2011-08-08 16:33:54 +09:00
connector proc_fork_connector: a lockless ->real_parent usage is not safe 2011-07-28 18:26:32 -07:00
cpufreq drivers/cpufreq/pcc-cpufreq.c: avoid NULL pointer dereference 2011-09-14 18:09:38 -07:00
cpuidle cpuidle: stop depending on pm_idle 2011-08-03 19:06:37 -04:00
crypto n2_crypto: Attach on Niagara-T3. 2011-07-28 01:30:07 -07:00
dca
dio
dma dmaengine/ste_dma40: fix memory leak due to prepared descriptors 2011-09-05 17:08:26 +05:30
edac i7core_edac: fixed typo in error count calculation 2011-08-18 14:07:15 -07:00
eisa eisa/pci_eisa.c: fix BUG introduced by 005bdad7b8 2011-08-04 06:32:51 -10:00
firewire firewire: ohci: add no MSI quirk for O2Micro controller 2011-09-16 22:22:10 +02:00
firmware firmware: fix google/gsmi.c build warning 2011-08-08 13:53:49 -07:00
gpio drivers/gpio/gpio-generic.c: fix build errors 2011-09-14 18:09:38 -07:00
gpu drm/radeon/kms: Make GPU/CPU page size handling consistent in blit code (v2) 2011-09-18 19:44:36 +01:00
hid Merge branch 'for-linus' of git://github.com/dtor/input 2011-09-16 14:09:19 -07:00
hwmon hwmon: (coretemp) Initialize tmin 2011-09-14 03:55:05 -07:00
hwspinlock
i2c i2c-tegra: fix possible race condition after tx 2011-09-07 00:13:40 +01:00
ide drivers/ide/cy82c693.c: Add missing pci_dev_put 2011-08-04 01:30:34 -07:00
idle
ieee802154
infiniband [SCSI] cxgb3i: convert cdev->l2opt to use rcu to prevent NULL dereference 2011-09-26 09:28:01 -05:00
input Merge branch 'for-linus' of git://github.com/dtor/input 2011-09-16 14:09:19 -07:00
iommu x86, iommu: Mark DMAR IRQ as non-threaded 2011-09-13 23:44:53 +02:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-07-28 05:58:19 -07:00
leds drivers/leds/ledtrig-timer.c: fix broken sysfs delay handling 2011-09-14 18:09:38 -07:00
lguest
macintosh
mca
md md: Fix handling for devices from 2TB to 4TB in 0.90 metadata. 2011-09-10 17:21:28 +10:00
media [media] vp7045: fix buffer setup 2011-09-11 09:33:41 -03:00
memstick
message Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2011-07-30 08:36:02 -10:00
mfd mfd: Fix omap-usb-host build failure 2011-09-06 16:37:59 +02:00
misc drivers/misc/pti.c: give 'comm' function scope in pti_control_frame_built_and_sent() 2011-09-14 18:09:38 -07:00
mmc Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2011-09-21 13:20:21 -07:00
mtd UBI: do not link debug messages when debugging is disabled 2011-08-19 19:02:27 +03:00
net [SCSI] cxgb3i: convert cdev->l2opt to use rcu to prevent NULL dereference 2011-09-26 09:28:01 -05:00
nfc NFC: pn533: use after free in pn533_disconnect() 2011-07-26 16:27:24 -04:00
nubus
of Revert "dt: add of_alias_scan and of_alias_get_id" 2011-08-04 11:26:24 +01:00
oprofile atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
parisc
parport Merge branch 'tty-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 2011-07-25 23:09:27 -07:00
pci pci: Don't crash when reading mpss from root complex 2011-09-13 16:08:31 -07:00
pcmcia Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6 2011-07-31 06:23:08 -10:00
platform acer-wmi: support Lenovo ideapad S205 wifi switch 2011-08-05 15:21:52 -04:00
pnp Merge 'akpm' patch series 2011-07-25 21:00:19 -07:00
power s3c-adc-battery: Fix compilation error due to missing header (module.h) 2011-08-19 21:01:46 +04:00
pps
ps3
ptp
rapidio rapidio: fix use of non-compatible registers 2011-08-25 16:25:34 -07:00
regulator Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6 2011-08-01 14:05:46 -10:00
rtc drivers/rtc/rtc-s3c.c: fix no occurrence of alarm interrupt 2011-09-14 18:09:38 -07:00
s390 [S390] memory hotplug: only unassign assigned increments 2011-08-24 17:15:24 +02:00
sbus atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
scsi [SCSI] cxgb3i: convert cdev->l2opt to use rcu to prevent NULL dereference 2011-09-26 09:28:01 -05:00
sfi
sh Merge branch 'common/core' into sh-latest 2011-08-08 16:33:54 +09:00
sn
spi spi/pl022: remove function cannot exit 2011-08-02 14:54:11 +01:00
ssb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-07-25 13:56:39 -07:00
staging staging: zcache: fix cleancache crash 2011-09-20 14:17:13 -07:00
target iscsi-target: Fix sendpage breakage with proper padding+DataDigest iovec offsets 2011-09-16 23:47:07 +00:00
tc
telephony
thermal thermal: make THERMAL_HWMON implementation fully internal 2011-08-02 14:51:57 -04:00
tty cris: fix a build error in drivers/tty/serial/crisv10.c 2011-09-14 18:09:38 -07:00
uio Merge branch 'driver-core-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 2011-07-25 23:06:24 -07:00
usb USB: xHCI: prevent infinite loop when processing MSE event 2011-09-19 17:15:47 -07:00
uwb
vhost atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
video backlight: Declare backlight_types[] const 2011-09-10 14:00:02 -07:00
virt
virtio virtio: expose for non-virtualization users too 2011-07-23 16:20:30 +09:30
vlynq
w1 MAINTAINERS: Evgeniy has moved 2011-08-25 16:25:33 -07:00
watchdog watchdog: Initconst section fixes for watchdog 2011-09-20 14:32:00 +02:00
xen xen/irq: Alter the locking to use a mutex instead of a spinlock. 2011-09-15 04:32:02 -04:00
zorro
Kconfig Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2011-07-25 22:59:39 -07:00
Makefile Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2011-07-25 22:59:39 -07:00