1. 16 9月, 2017 1 次提交
  2. 31 8月, 2017 3 次提交
  3. 30 8月, 2017 1 次提交
    • B
      scsi: aacraid: Fix command send race condition · 1ae948fa
      Brian King 提交于
      This fixes a potential race condition observed on Power systems.
      
      Several places throughout the aacraid driver call aac_fib_send or
      similar to send a command to the aacraid adapter, then check the return
      code to determine if the command was actually sent to the adapter, then
      update the phase field in the scsi command scratch pad area to track
      that the firmware now owns this command.  However, there is nothing that
      ensures that by the time the aac_fib_send function returns and we go to
      write to the scsi command, that the command hasn't already completed and
      the scsi command has been freed.  This was causing random crashes in the
      TCP stack which was tracked down to be caused by memory that had been a
      struct request + scsi_cmnd being now used for an skbuff. Memory
      poisoning was enabled in the kernel to debug this which showed that the
      last owner of the memory that had been freed was aacraid and that it was
      a struct request.  The memory that was corrupted was the exact data
      pattern of AAC_OWNER_FIRMWARE and it was at the same offset that aacraid
      writes, which is scsicmd->SCp.phase. The patch below resolves this
      issue.
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NBrian King <brking@linux.vnet.ibm.com>
      Tested-by: NWen Xiong <wenxiong@linux.vnet.ibm.com>
      Reviewed-by: NDave Carroll <david.carroll@microsemi.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      1ae948fa
  4. 17 8月, 2017 1 次提交
  5. 08 8月, 2017 7 次提交
  6. 27 7月, 2017 1 次提交
  7. 27 6月, 2017 2 次提交
  8. 13 6月, 2017 19 次提交
  9. 27 4月, 2017 1 次提交
  10. 12 4月, 2017 1 次提交
  11. 16 3月, 2017 1 次提交
  12. 07 3月, 2017 1 次提交
  13. 28 2月, 2017 1 次提交