linux/drivers/scsi/libfc
Vasu Dev 8b7ac2bb07 [SCSI] libfc: possible race could panic system due to NULL fsp->cmd
It is unlikely, but if it hits then it would cause a panic
due to a null cmd ptr; so far only one instance has been seen recently with
ESX, though this was introduced long ago with this commit:

commit c1ecb90a66
Author: Chris Leech <christopher.leech@intel.com>
Date:   Thu Dec 10 09:59:26 2009 -0800
[SCSI] libfc: reduce hold time on SCSI host lock

Currently fsp->cmd is set to NULL w/o scsi_queue_lock before
dequeuing from scsi_pkt_queue, and that could cause a NULL
fsp->cmd in fc_fcp_cleanup_each_cmd for a cmd completing
with fsp->cmd = NULL after fc_fcp_cleanup_each_cmd has taken a
reference. No need to set fsp->cmd to NULL as this is also
protected by fc_fcp_lock_pkt(); for the above race the
fc_fcp_lock_pkt() in fc_fcp_cleanup_each_cmd() will fail
as that cmd is already done.

Mike mentioned the same issue at
http://www.open-fcoe.org/pipermail/devel/2010-September/010533.html

Similarly, moved sc_cmd->SCp.ptr = NULL under scsi_queue_lock so
that the scsi abort error handler won't abort on completed cmds.

Signed-off-by: Vasu Dev <vasu.dev@intel.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2010-10-25 15:11:35 -05:00
fc_disc.c [SCSI] libfc: don't require a local exchange for incoming requests 2010-07-28 09:06:02 -05:00
fc_elsct.c [SCSI] libfc: add fc_fill_reply_hdr() and fc_fill_hdr() 2010-07-28 09:06:00 -05:00
fc_exch.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-08-04 15:31:02 -07:00
fc_fcp.c [SCSI] libfc: possible race could panic system due to NULL fsp->cmd 2010-10-25 15:11:35 -05:00
fc_frame.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
fc_libfc.c [SCSI] libfc: add fc_fill_reply_hdr() and fc_fill_hdr() 2010-07-28 09:06:00 -05:00
fc_libfc.h [SCSI] libfc: add discovery-private pointer for LLD 2010-07-28 09:05:52 -05:00
fc_lport.c [SCSI] libfc: adds flogi retry in case DID is zero in RJT 2010-10-25 15:11:32 -05:00
fc_npiv.c [SCSI] libfc: Move the port_id into lport 2010-05-16 22:22:34 -04:00
fc_rport.c [SCSI] libfc: fix setting of rport dev loss 2010-10-25 15:11:29 -05:00
Makefile [SCSI] libfc: add some generic NPIV support routines to libfc 2009-12-04 12:00:56 -06:00