1. 10 1月, 2017 1 次提交
    • N
      scsi: qla2xxx: silence -Wformat-security warning · e2e8f619
      Nicolas Iooss 提交于
      qla24xx_enable_msix() calls scnprintf() with a non-literal format
      string. This makes clang report -Wformat-security warnings when
      compiling this function:
      
          drivers/scsi/qla2xxx/qla_isr.c:3083:7: error: format string is not a
          string literal (potentially insecure) [-Werror,-Wformat-security]
                              msix_entries[i].name);
                              ^~~~~~~~~~~~~~~~~~~~
          drivers/scsi/qla2xxx/qla_isr.c:3083:7: note: treat the string as an
          argument to avoid this
                              msix_entries[i].name);
                              ^
                              "%s",
          drivers/scsi/qla2xxx/qla_isr.c:3119:7: error: format string is not a
          string literal (potentially insecure) [-Werror,-Wformat-security]
                              msix_entries[QLA_ATIO_VECTOR].name);
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          drivers/scsi/qla2xxx/qla_isr.c:3119:7: note: treat the string as an
          argument to avoid this
                              msix_entries[QLA_ATIO_VECTOR].name);
                              ^
                              "%s",
      
      Even though msix_entries[...].name are initialized as literal strings
      with no % character and are never modified, introduce a "%s" format
      parameter in order to silence this -Wformat-security warning and make
      clang able to detect at compile time real bugs related to string
      formatting.
      
      [mkp: typo]
      Signed-off-by: NNicolas Iooss <nicolas.iooss_linux@m4x.org>
      Reviewed-by: NBart Van Assche <bart.vanassche@sandisk.com>
      Acked-by: NHimanshu Madhani <himanshu.madhani@cavium.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      e2e8f619
  2. 15 12月, 2016 3 次提交
  3. 10 12月, 2016 1 次提交
  4. 18 11月, 2016 2 次提交
  5. 15 9月, 2016 1 次提交
  6. 16 7月, 2016 6 次提交
  7. 06 7月, 2016 1 次提交
    • B
      qla2xxx: Fix NULL pointer deref in QLA interrupt · 262e2bfd
      Bruno Prémont 提交于
      In qla24xx_process_response_queue() rsp->msix->cpuid may trigger NULL
      pointer dereference when rsp->msix is NULL:
      
      [    5.622457] NULL pointer dereference at 0000000000000050
      [    5.622457] IP: [<ffffffff8155e614>] qla24xx_process_response_queue+0x44/0x4b0
      [    5.622457] PGD 0
      [    5.622457] Oops: 0000 [#1] SMP
      [    5.622457] Modules linked in:
      [    5.622457] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.6.3-x86_64 #1
      [    5.622457] Hardware name: HP ProLiant DL360 G5, BIOS P58 05/02/2011
      [    5.622457] task: ffff8801a88f3740 ti: ffff8801a8954000 task.ti: ffff8801a8954000
      [    5.622457] RIP: 0010:[<ffffffff8155e614>]  [<ffffffff8155e614>] qla24xx_process_response_queue+0x44/0x4b0
      [    5.622457] RSP: 0000:ffff8801afb03de8  EFLAGS: 00010002
      [    5.622457] RAX: 0000000000000000 RBX: 0000000000000032 RCX: 00000000ffffffff
      [    5.622457] RDX: 0000000000000002 RSI: ffff8801a79bf8c8 RDI: ffff8800c8f7e7c0
      [    5.622457] RBP: ffff8801afb03e68 R08: 0000000000000000 R09: 0000000000000000
      [    5.622457] R10: 00000000ffff8c47 R11: 0000000000000002 R12: ffff8801a79bf8c8
      [    5.622457] R13: ffff8800c8f7e7c0 R14: ffff8800c8f60000 R15: 0000000000018013
      [    5.622457] FS:  0000000000000000(0000) GS:ffff8801afb00000(0000) knlGS:0000000000000000
      [    5.622457] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [    5.622457] CR2: 0000000000000050 CR3: 0000000001e07000 CR4: 00000000000006e0
      [    5.622457] Stack:
      [    5.622457]  ffff8801afb03e30 ffffffff810c0f2d 0000000000000086 0000000000000002
      [    5.622457]  ffff8801afb03e28 ffffffff816570e1 ffff8800c8994628 0000000000000002
      [    5.622457]  ffff8801afb03e60 ffffffff816772d4 b47c472ad6955e68 0000000000000032
      [    5.622457] Call Trace:
      [    5.622457]  <IRQ>
      [    5.622457]  [<ffffffff810c0f2d>] ? __wake_up_common+0x4d/0x80
      [    5.622457]  [<ffffffff816570e1>] ? usb_hcd_resume_root_hub+0x51/0x60
      [    5.622457]  [<ffffffff816772d4>] ? uhci_hub_status_data+0x64/0x240
      [    5.622457]  [<ffffffff81560d00>] qla24xx_intr_handler+0xf0/0x2e0
      [    5.622457]  [<ffffffff810d569e>] ? get_next_timer_interrupt+0xce/0x200
      [    5.622457]  [<ffffffff810c89b4>] handle_irq_event_percpu+0x64/0x100
      [    5.622457]  [<ffffffff810c8a77>] handle_irq_event+0x27/0x50
      [    5.622457]  [<ffffffff810cb965>] handle_edge_irq+0x65/0x140
      [    5.622457]  [<ffffffff8101a498>] handle_irq+0x18/0x30
      [    5.622457]  [<ffffffff8101a276>] do_IRQ+0x46/0xd0
      [    5.622457]  [<ffffffff817f8fff>] common_interrupt+0x7f/0x7f
      [    5.622457]  <EOI>
      [    5.622457]  [<ffffffff81020d38>] ? mwait_idle+0x68/0x80
      [    5.622457]  [<ffffffff8102114a>] arch_cpu_idle+0xa/0x10
      [    5.622457]  [<ffffffff810c1b97>] default_idle_call+0x27/0x30
      [    5.622457]  [<ffffffff810c1d3b>] cpu_startup_entry+0x19b/0x230
      [    5.622457]  [<ffffffff810324c6>] start_secondary+0x136/0x140
      [    5.622457] Code: 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 48 8b 47 58 a8 02 0f 84 c5 00 00 00 48 8b 46 50 49 89 f4 65 8b 15 34 bb aa 7e <39> 50 50 74 11 89 50 50 48 8b 46 50 8b 40 50 41 89 86 60 8b 00
      [    5.622457] RIP  [<ffffffff8155e614>] qla24xx_process_response_queue+0x44/0x4b0
      [    5.622457]  RSP <ffff8801afb03de8>
      [    5.622457] CR2: 0000000000000050
      [    5.622457] ---[ end trace fa2b19c25106d42b ]---
      [    5.622457] Kernel panic - not syncing: Fatal exception in interrupt
      
      The affected code was introduced by commit cdb898c5
      (qla2xxx: Add irq affinity notification).
      
      Only dereference rsp->msix when it has been set so the machine can boot
      fine. Possibly rsp->msix is unset because:
      [    3.479679] qla2xxx [0000:00:00.0]-0005: : QLogic Fibre Channel HBA Driver: 8.07.00.33-k.
      [    3.481839] qla2xxx [0000:13:00.0]-001d: : Found an ISP2432 irq 17 iobase 0xffffc90000038000.
      [    3.484081] qla2xxx [0000:13:00.0]-0035:0: MSI-X; Unsupported ISP2432 (0x2, 0x3).
      [    3.485804] qla2xxx [0000:13:00.0]-0037:0: Falling back-to MSI mode -258.
      [    3.890145] scsi host0: qla2xxx
      [    3.891956] qla2xxx [0000:13:00.0]-00fb:0: QLogic QLE2460 - PCI-Express Single Channel 4Gb Fibre Channel HBA.
      [    3.894207] qla2xxx [0000:13:00.0]-00fc:0: ISP2432: PCIe (2.5GT/s x4) @ 0000:13:00.0 hdma+ host#=0 fw=7.03.00 (9496).
      [    5.714774] qla2xxx [0000:13:00.0]-500a:0: LOOP UP detected (4 Gbps).
      Signed-off-by: NBruno Prémont <bonbons@linux-vserver.org>
      Acked-by: NQuinn Tran <quinn.tran@qlogic.com>
      CC: <stable@vger.kernel.org>  # 4.5+
      Fixes: cdb898c5Signed-off-by: NJames Bottomley <jejb@linux.vnet.ibm.com>
      262e2bfd
  8. 24 2月, 2016 1 次提交
  9. 07 2月, 2016 1 次提交
    • Q
      qla2xxx: Fix stale pointer access. · cb43285f
      Quinn Tran 提交于
      [ Upstream Commit 84e32a06 ]
      
      Commit 84e32a06 ("qla2xxx: Use pci_enable_msix_range() instead of
      pci_enable_msix()") introduced a regression when target mode is enabled.
      In qla24xx_enable_msix(), ha->max_rsp_queues was incorrectly set
      to a value higher than the number of response queues allocated causing
      an invalid dereference. Specifically here in qla2x00_init_rings():
          *rsp->in_ptr = 0;
      
      Add additional check to make sure the pointer is valid. following
      call stack will be seen
      
      ---- 8< ----
      RIP: 0010:[<ffffffffa02ccadc>]  [<ffffffffa02ccadc>] qla2x00_init_rings+0xdc/0x320 [qla2xxx]
      RSP: 0018:ffff880429447dd8  EFLAGS: 00010082
      ....
      Call Trace:
      [<ffffffffa02ceb40>] qla2x00_abort_isp+0x170/0x6b0 [qla2xxx]
      [<ffffffffa02c6f77>] qla2x00_do_dpc+0x357/0x7f0 [qla2xxx]
      [<ffffffffa02c6c20>] ? qla2x00_relogin+0x260/0x260 [qla2xxx]
      [<ffffffff8107d2c9>] kthread+0xc9/0xe0
      [<ffffffff8107d200>] ? flush_kthread_worker+0x90/0x90
      [<ffffffff8172cc6f>] ret_from_fork+0x3f/0x70
      [<ffffffff8107d200>] ? flush_kthread_worker+0x90/0x90
      ---- 8< ----
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NQuinn Tran <quinn.tran@qlogic.com>
      Signed-off-by: NHimanshu Madhani <himanshu.madhani@qlogic.com>
      Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
      cb43285f
  10. 08 1月, 2016 4 次提交
  11. 27 8月, 2015 5 次提交
  12. 13 8月, 2015 1 次提交
    • T
      qla2xxx: prevent board_disable from running during EEH · a30c2a3b
      Thadeu Lima de Souza Cascardo 提交于
      Commit f3ddac19 ("[SCSI] qla2xxx:
      Disable adapter when we encounter a PCI disconnect.") has introduced a
      code that disables the board, releasing some resources, when reading
      0xffffffff.
      
      In case this happens when there is an EEH, this read will trigger EEH
      detection and set PCI channel offline. EEH will be able to recover the
      card from this state by doing a reset, so it's a better option than
      simply disabling the card.
      
      Since eeh_check_failure will mark the channel as offline before
      returning the read value, in case there really was an EEH, we can simply
      check for pci_channel_offline, preventing the board_disable code from
      running if it's true.
      
      Without this patch, EEH code will try to access those same resources
      that board_disable will try to free. This race can cause EEH recovery to
      fail.
      
      [  504.370577] EEH: Notify device driver to resume
      [  504.370580] qla2xxx [0001:07:00.0]-9002:2: The device failed to resume I/O from slot/link_reset.
      Signed-off-by: NThadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
      Acked-by: NHimanshu Madhani <himanshu.madhani@qlogic.com>
      Signed-off-by: NJames Bottomley <JBottomley@Odin.com>
      a30c2a3b
  13. 13 6月, 2015 1 次提交
  14. 10 4月, 2015 2 次提交
  15. 25 9月, 2014 5 次提交
  16. 17 9月, 2014 5 次提交