authorJohannes Thumshirn <jthumshirn@suse.de>2018-10-15 13:21:57 +0200
committerJohannes Thumshirn <jthumshirn@suse.de>2018-10-15 13:21:57 +0200
commit92a82295b3f808ec97372eb0fad9e54942fac571 (patch)
tree369ef15954129f573c1fb93c1d1bc923234ace20
parenta16c62fa0e63e54f4976ccb7c12c01303c441742 (diff)
scsi: qla2xxx: Fix memory leak for allocating abort IOCB
(bsc#1111830).
-rw-r--r--patches.drivers/scsi-qla2xxx-fix-memory-leak-for-allocating-abort-iocb.patch101
-rw-r--r--series.conf1
2 files changed, 102 insertions, 0 deletions
diff --git a/patches.drivers/scsi-qla2xxx-fix-memory-leak-for-allocating-abort-iocb.patch b/patches.drivers/scsi-qla2xxx-fix-memory-leak-for-allocating-abort-iocb.patch
new file mode 100644
index 0000000000..3d52e46954
--- /dev/null
+++ b/patches.drivers/scsi-qla2xxx-fix-memory-leak-for-allocating-abort-iocb.patch
@@ -0,0 +1,101 @@
+From: Quinn Tran <quinn.tran@cavium.com>
+Date: Thu, 26 Jul 2018 16:34:44 -0700
+Subject: scsi: qla2xxx: Fix memory leak for allocating abort IOCB
+Git-commit: 5e53be8e476a3397ed5383c23376f299555a2b43
+Patch-mainline: v4.18
+References: bsc#1111830
+
+In the case of IOCB QFull, Initiator code can leave behind a stale pointer
+to an SRB structure on the outstanding command array.
+
+Fixes: 82de802ad46e ("scsi: qla2xxx: Preparation for Target MQ.")
+Cc: stable@vger.kernel.org #v4.16+
+Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
+---
+ drivers/scsi/qla2xxx/qla_iocb.c | 53 +++++++++++++++++++++--------------------
+ 1 file changed, 27 insertions(+), 26 deletions(-)
+
+diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
+index a91cca52b5d5..dd93a22fe843 100644
+--- a/drivers/scsi/qla2xxx/qla_iocb.c
++++ b/drivers/scsi/qla2xxx/qla_iocb.c
+@@ -2130,34 +2130,11 @@ __qla2x00_alloc_iocbs(struct qla_qpair *qpair, srb_t *sp)
+ req_cnt = 1;
+ handle = 0;
+
+- if (!sp)
+- goto skip_cmd_array;
+-
+- /* Check for room in outstanding command list. */
+- handle = req->current_outstanding_cmd;
+- for (index = 1; index < req->num_outstanding_cmds; index++) {
+- handle++;
+- if (handle == req->num_outstanding_cmds)
+- handle = 1;
+- if (!req->outstanding_cmds[handle])
+- break;
+- }
+- if (index == req->num_outstanding_cmds) {
+- ql_log(ql_log_warn, vha, 0x700b,
+- "No room on outstanding cmd array.\n");
+- goto queuing_error;
+- }
+-
+- /* Prep command array. */
+- req->current_outstanding_cmd = handle;
+- req->outstanding_cmds[handle] = sp;
+- sp->handle = handle;
+-
+- /* Adjust entry-counts as needed. */
+- if (sp->type != SRB_SCSI_CMD)
++ if (sp && (sp->type != SRB_SCSI_CMD)) {
++ /* Adjust entry-counts as needed. */
+ req_cnt = sp->iocbs;
++ }
+
+-skip_cmd_array:
+ /* Check for room on request queue. */
+ if (req->cnt < req_cnt + 2) {
+ if (qpair->use_shadow_reg)
+@@ -2183,6 +2160,28 @@ __qla2x00_alloc_iocbs(struct qla_qpair *qpair, srb_t *sp)
+ if (req->cnt < req_cnt + 2)
+ goto queuing_error;
+
++ if (sp) {
++ /* Check for room in outstanding command list. */
++ handle = req->current_outstanding_cmd;
++ for (index = 1; index < req->num_outstanding_cmds; index++) {
++ handle++;
++ if (handle == req->num_outstanding_cmds)
++ handle = 1;
++ if (!req->outstanding_cmds[handle])
++ break;
++ }
++ if (index == req->num_outstanding_cmds) {
++ ql_log(ql_log_warn, vha, 0x700b,
++ "No room on outstanding cmd array.\n");
++ goto queuing_error;
++ }
++
++ /* Prep command array. */
++ req->current_outstanding_cmd = handle;
++ req->outstanding_cmds[handle] = sp;
++ sp->handle = handle;
++ }
++
+ /* Prep packet */
+ req->cnt -= req_cnt;
+ pkt = req->ring_ptr;
+@@ -2195,6 +2194,8 @@ __qla2x00_alloc_iocbs(struct qla_qpair *qpair, srb_t *sp)
+ pkt->handle = handle;
+ }
+
++ return pkt;
++
+ queuing_error:
+ qpair->tgt_counters.num_alloc_iocb_failed++;
+ return pkt;
+
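Review bot: The relocated `if (sp) { ... }` block in the second qla_iocb.c hunk only prevents a stale `req->outstanding_cmds[handle]` entry as long as no failure exit follows it, and the new code does not record that ordering rule anywhere. A comment above the block would keep a later edit from reintroducing the dangling SRB pointer, for example `/* Claim the handle last: a goto queuing_error after this point would leave sp stale in outstanding_cmds[]. */`. The added `return pkt;` also stops the success path from falling through to `num_alloc_iocb_failed++`, a behaviour change the patch description does not mention. The error path still ends in `return pkt;`, so it presumably relies on `pkt` being NULL-initialised above the hunk; the body of `__qla2x00_alloc_iocbs` starts outside these hunks and its end is not shown.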
diff --git a/series.conf b/series.conf
index eb5ba1f649..41cfcc0920 100644
--- a/series.conf
+++ b/series.conf
@@ -17036,6 +17036,7 @@
patches.fixes/fix-mntputmntput-race.patch
patches.fixes/fix-__legitimize_mntmntput-race.patch
patches.fixes/init-rename-and-re-order-boot_cpu_state_init.patch
+ patches.drivers/scsi-qla2xxx-fix-memory-leak-for-allocating-abort-iocb.patch
patches.fixes/genirq-Fix-editing-error-in-a-comment.patch
patches.suse/sched-numa-Remove-redundant-field.patch
patches.suse/sched-numa-Simplify-load_too_imbalanced.patch