1. 08 4月, 2017 3 次提交
    • C
      scsi: qedf: Fix crash due to unsolicited FIP VLAN response. · 8eaf7dfc
      Chad Dupuis 提交于
      We need to initialize qedf->fipvlan_compl in __qedf_probe so that if we
      receive an unsolicited FIP VLAN response, the system doesn't crash due
      to trying to complete an uninitialized completion.
      
      Also add a check to see if there are any waiters on the completion so we
      don't inadvertantly kick start the discovery process due to the
      unsolicited frame.
      
      Fixed the crash:
      
      <1>BUG: unable to handle kernel NULL pointer dereference at (null)
      <1>IP: [<ffffffff8105ed71>] __wake_up_common+0x31/0x90
      <4>PGD 0
      <4>Oops: 0000 [#1] SMP
      <4>last sysfs file: /sys/devices/system/cpu/online
      <4>CPU 7
      <4>Modules linked in: autofs4 nfs lockd fscache auth_rpcgss nfs_acl sunrpc target_core_iblock target_core_file target_core_pscsi target_core_mod configfs bnx2fc cnic fcoe 8021q garp stp llc ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 vfat fat uinput ipmi_devintf microcode power_meter acpi_ipmi ipmi_si ipmi_msghandler iTCO_wdt iTCO_vendor_support dcdbas sg joydev sb_edac edac_core lpc_ich mfd_core shpchp tg3 ptp pps_core ext4 jbd2 mbcache sr_mod cdrom sd_mod crc_t10dif qedi(U) iscsi_boot_sysfs libiscsi scsi_transport_iscsi uio qedf(U) libfcoe libfc scsi_transport_fc scsi_tgt qede(U) qed(U) ahci megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: speedstep_lib]
      <4>
      <4>Pid: 1485, comm: qedf_11_ll2 Not tainted 2.6.32-642.el6.x86_64 #1 Dell Inc. PowerEdge R730/0599V5
      <4>RIP: 0010:[<ffffffff8105ed71>]  [<ffffffff8105ed71>] __wake_up_common+0x31/0x90
      <4>RSP: 0018:ffff881068a83d50  EFLAGS: 00010086
      <4>RAX: ffffffffffffffe8 RBX: ffff88106bf42de0 RCX: 0000000000000000
      <4>RDX: 0000000000000000 RSI: 0000000000000003 RDI: ffff88106bf42de0
      <4>RBP: ffff881068a83d90 R08: 0000000000000000 R09: 00000000fffffffe
      <4>R10: 0000000000000000 R11: 000000000000000b R12: 0000000000000286
      <4>R13: ffff88106bf42de8 R14: 0000000000000000 R15: 0000000000000000
      <4>FS:  0000000000000000(0000) GS:ffff88089c460000(0000) knlGS:0000000000000000
      <4>CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
      <4>CR2: 0000000000000000 CR3: 0000000001a8d000 CR4: 00000000001407e0
      <4>DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      <4>DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      <4>Process qedf_11_ll2 (pid: 1485, threadinfo ffff881068a80000, task ffff881068a70040)
      <4>Stack:
      <4> ffff88106ef00090 0000000300000001 ffff881068a83d90 ffff88106bf42de0
      <4><d> 0000000000000286 ffff88106bf42dd8 ffff88106bf40a50 0000000000000002
      <4><d> ffff881068a83dc0 ffffffff810634c7 ffff881000000003 000000000000000b
      <4>Call Trace:
      <4> [<ffffffff810634c7>] complete+0x47/0x60
      <4> [<ffffffffa01d37e7>] qedf_fip_recv+0x1c7/0x450 [qedf]
      <4> [<ffffffffa01cb3cb>] qedf_ll2_recv_thread+0x33b/0x510 [qedf]
      <4> [<ffffffffa01cb090>] ? qedf_ll2_recv_thread+0x0/0x510 [qedf]
      <4> [<ffffffff810a662e>] kthread+0x9e/0xc0
      <4> [<ffffffff8100c28a>] child_rip+0xa/0x20
      <4> [<ffffffff810a6590>] ? kthread+0x0/0xc0
      <4> [<ffffffff8100c280>] ? child_rip+0x0/0x20
      <4>Code: 41 56 41 55 41 54 53 48 83 ec 18 0f 1f 44 00 00 89 75 cc 89 55 c8 4c 8d 6f 08 48 8b 57 08 41 89 cf 4d 89 c6 48 8d 42 e8 49 39 d5 <48> 8b 58 18 74 3f 48 83 eb 18 eb 0a 0f 1f 00 48 89 d8 48 8d 5a
      <1>RIP  [<ffffffff8105ed71>] __wake_up_common+0x31/0x90
      <4> RSP <ffff881068a83d50>
      <4>CR2: 0000000000000000
      Signed-off-by: NChad Dupuis <chad.dupuis@cavium.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      8eaf7dfc
    • M
      scsi: sr: Sanity check returned mode data · a00a7862
      Martin K. Petersen 提交于
      Kefeng Wang discovered that old versions of the QEMU CD driver would
      return mangled mode data causing us to walk off the end of the buffer in
      an attempt to parse it. Sanity check the returned mode sense data.
      
      Cc: <stable@vger.kernel.org>
      Reported-by: NKefeng Wang <wangkefeng.wang@huawei.com>
      Tested-by: NKefeng Wang <wangkefeng.wang@huawei.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      a00a7862
    • F
      scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable · 67804145
      Fam Zheng 提交于
      If device reports a small max_xfer_blocks and a zero opt_xfer_blocks, we
      end up using BLK_DEF_MAX_SECTORS, which is wrong and r/w of that size
      may get error.
      
      [mkp: tweaked to avoid setting rw_max twice and added typecast]
      
      Cc: <stable@vger.kernel.org> # v4.4+
      Fixes: ca369d51 ("block/sd: Fix device-imposed transfer length limits")
      Signed-off-by: NFam Zheng <famz@redhat.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      67804145
  2. 28 3月, 2017 1 次提交
  3. 23 3月, 2017 3 次提交
  4. 20 3月, 2017 4 次提交
  5. 17 3月, 2017 1 次提交
  6. 16 3月, 2017 9 次提交
  7. 14 3月, 2017 4 次提交
  8. 08 3月, 2017 2 次提交
  9. 07 3月, 2017 13 次提交