| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20120205220952.399096942@pcw.home.local>
Date: Sun, 05 Feb 2012 23:10:58 +0100
From: Willy Tarreau <w@....eu>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc: Babu Moger <babu.moger@...app.com>,
James Bottomley <JBottomley@...allels.com>,
Dan Carpenter <dan.carpenter@...cle.com>,
Greg KH <gregkh@...uxfoundation.org>
Subject: [PATCH 69/91] SCSI: scsi_dh: check queuedata pointer before proceeding further
2.6.27-longterm review patch. If anyone has any objections, please let us know.
------------------
commit a18a920c70d48a8e4a2b750d8a183b3c1a4be514 upstream.
This patch validates sdev pointer in scsi_dh_activate before proceeding further.
Without this check we might see the panic as below. I have seen this
panic multiple times..
Call trace:
#0 [ffff88007d647b50] machine_kexec at ffffffff81020902
#1 [ffff88007d647ba0] crash_kexec at ffffffff810875b0
#2 [ffff88007d647c70] oops_end at ffffffff8139c650
#3 [ffff88007d647c90] __bad_area_nosemaphore at ffffffff8102dd15
#4 [ffff88007d647d50] page_fault at ffffffff8139b8cf
[exception RIP: scsi_dh_activate+0x82]
RIP: ffffffffa0041922 RSP: ffff88007d647e00 RFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000000093c5
RDX: 00000000000093c5 RSI: ffffffffa02e6640 RDI: ffff88007cc88988
RBP: 000000000000000f R8: ffff88007d646000 R9: 0000000000000000
R10: ffff880082293790 R11: 00000000ffffffff R12: ffff88007cc88988
R13: 0000000000000000 R14: 0000000000000286 R15: ffff880037b845e0
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0000
#5 [ffff88007d647e38] run_workqueue at ffffffff81060268
#6 [ffff88007d647e78] worker_thread at ffffffff81060386
#7 [ffff88007d647ee8] kthread at ffffffff81064436
#8 [ffff88007d647f48] kernel_thread at ffffffff81003fba
Signed-off-by: Babu Moger <babu.moger@...app.com>
Signed-off-by: James Bottomley <JBottomley@...allels.com>
Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...e.de>
---
drivers/scsi/device_handler/scsi_dh.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
Index: longterm-2.6.27/drivers/scsi/device_handler/scsi_dh.c
===================================================================
--- longterm-2.6.27.orig/drivers/scsi/device_handler/scsi_dh.c 2012-02-05 22:34:32.891915048 +0100
+++ longterm-2.6.27/drivers/scsi/device_handler/scsi_dh.c 2012-02-05 22:34:44.687914590 +0100
@@ -423,7 +423,12 @@
spin_lock_irqsave(q->queue_lock, flags);
sdev = q->queuedata;
- if (sdev && sdev->scsi_dh_data)
+ if (!sdev) {
+ spin_unlock_irqrestore(q->queue_lock, flags);
+ return SCSI_DH_NOSYS;
+ }
+
+ if (sdev->scsi_dh_data)
scsi_dh = sdev->scsi_dh_data->scsi_dh;
if (!scsi_dh || !get_device(&sdev->sdev_gendev))
err = SCSI_DH_NOSYS;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists