drivers · e2c22a38fe299c4ed58aa4606fd435048c662a3a · Upstream / linux-stable

An error occurred while fetching folder content.

scsi: qla2xxx: Fix crash when I/O abort times out

Arun Easi authored 2 years ago

commit 68ad8318 upstream.

While performing CPU hotplug, a crash with the following stack was seen:

Call Trace:
     qla24xx_process_response_queue+0x42a/0x970 [qla2xxx]
     qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx]
     qla_nvme_post_cmd+0x166/0x240 [qla2xxx]
     nvme_fc_start_fcp_op.part.0+0x119/0x2e0 [nvme_fc]
     blk_mq_dispatch_rq_list+0x17b/0x610
     __blk_mq_sched_dispatch_requests+0xb0/0x140
     blk_mq_sched_dispatch_requests+0x30/0x60
     __blk_mq_run_hw_queue+0x35/0x90
     __blk_mq_delay_run_hw_queue+0x161/0x180
     blk_execute_rq+0xbe/0x160
     __nvme_submit_sync_cmd+0x16f/0x220 [nvme_core]
     nvmf_connect_admin_queue+0x11a/0x170 [nvme_fabrics]
     nvme_fc_create_association.cold+0x50/0x3dc [nvme_fc]
     nvme_fc_connect_ctrl_work+0x19/0x30 [nvme_fc]
     process_one_work+0x1e8/0x3c0

On abort timeout, completion was called without checking if the I/O was
already completed.

Verify that I/O and abort request are indeed outstanding before attempting
completion.

Fixes: 71c80b75

 ("scsi: qla2xxx: Do command completion on abort timeout")
Reported-by: Marco Patalano <mpatalan@redhat.com>
Tested-by: Marco Patalano <mpatalan@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20221129092634.15347-1-njavali@marvell.com

Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

05382ed9

Name	Last commit	Last update
..
accessibility	speakup: replace utils' u_char with unsigned char	2 years ago
acpi	ACPI: x86: Add skip i2c clients quirk for Medion Lifetab S10346	2 years ago
amba	ARM: 9229/1: amba: Fix use-after-free in amba_read_periphid()	2 years ago
android	binder: validate alloc->mm in ->mmap() handler	2 years ago
ata	ata: libata: fix NCQ autosense logic	2 years ago
atm	atm: idt77252: fix use-after-free bugs caused by tst_timer	2 years ago
auxdisplay	i2c: Make remove callback return void	2 years ago
base	class: fix possible memory leak in __class_register()	2 years ago
bcma	Merge tag 'irq-core-2022-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2 years ago
block	floppy: Fix memory leak in do_floppy_init()	2 years ago
bluetooth	Bluetooth: hci_bcm: Add CYW4373A0 support	2 years ago
bus	bus: ixp4xx: Don't touch bit 7 on IXP42x	2 years ago
cdrom	block: remove blk_cleanup_disk	2 years ago
char	ipmi: fix memleak when unload ipmi driver	2 years ago
clk	clk: imx: imx8mp: add shared clk gate for usb suspend clk	2 years ago
clocksource	clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock()	2 years ago
comedi	comedi: convert sysfs snprintf to sysfs_emit	2 years ago
connector	connector/cn_proc: Use task_is_in_init_pid_ns()	3 years ago
counter	counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update	2 years ago
cpufreq	cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()	2 years ago
cpuidle	cpuidle: dt: Return the correct numbers of parsed idle states	2 years ago
crypto	crypto: hisilicon/qm - increase the memory of local variables	2 years ago
cxl	cxl/region: Recycle region ids	2 years ago
dax	device-dax: Fix duplicate 'hmem' device registration	2 years ago
dca	dca: Use PTR_ERR_OR_ZERO() to simplify code	5 years ago
devfreq
dio
dma-buf
dma
edac
eisa
extcon
firewire
firmware
fpga
fsi
gnss
gpio
gpu
greybus
hid
hsi
hte
hv
hwmon
hwspinlock
hwtracing
i2c
i3c
idle
iio
infiniband
input
interconnect
iommu
ipack
irqchip
isdn
leds
macintosh
mailbox
mcb
md
media
memory
memstick
message
mfd
misc
mmc
most
mtd
mux
net
nfc
ntb
nubus
nvdimm
nvme
nvmem
of
opp
parisc
parport
pci
pcmcia
peci
perf
phy
pinctrl
platform
pnp
power
powercap
pps
ps3
ptp
pwm
rapidio
ras

GitLab

Menu

Download source code

Download this directory