| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jul 2016 09:30:30 +0200 From: Thorsten Leemhuis <regressions@...mhuis.info> To: Bruno Prémont <bonbons@...ux-vserver.org> Cc: Quinn Tran <quinn.tran@...gic.com>, Himanshu Madhani <himanshu.madhani@...gic.com>, Nicholas Bellinger <nab@...ux-iscsi.org>, qla2xxx-upstream@...gic.com, "James E.J. Bottomley" <jejb@...ux.vnet.ibm.com>, "Martin K. Petersen" <martin.petersen@...cle.com>, linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] qla2xxx: Fix NULL pointer deref in QLA interrupt Bruno Prémont wrote on 11.07.2016 09:17: > On Fri, 8 Jul 2016 09:27:18 +0200 Thorsten Leemhuis wrote: >> Bruno Prémont wrote on 30.06.2016 17:00: >> > In qla24xx_process_response_queue() rsp->msix->cpuid may trigger NULL >> > pointer dereference when rsp->msix is NULL: >> > […] >> > The affected code was introduced by commit cdb898c52d1dfad4b4800b83a58b3fe5d352edde >> > (qla2xxx: Add irq affinity notification). >> > >> > Only dereference rsp->msix when it has been set so the machine can boot >> > fine. Possibly rsp->msix is unset because: >> > [ 3.479679] qla2xxx [0000:00:00.0]-0005: : QLogic Fibre Channel HBA Driver: 8.07.00.33-k. >> > [ 3.481839] qla2xxx [0000:13:00.0]-001d: : Found an ISP2432 irq 17 iobase 0xffffc90000038000. >> > [ 3.484081] qla2xxx [0000:13:00.0]-0035:0: MSI-X; Unsupported ISP2432 (0x2, 0x3). >> > [ 3.485804] qla2xxx [0000:13:00.0]-0037:0: Falling back-to MSI mode -258. >> > [ 3.890145] scsi host0: qla2xxx >> > [ 3.891956] qla2xxx [0000:13:00.0]-00fb:0: QLogic QLE2460 - PCI-Express Single Channel 4Gb Fibre Channel HBA. >> > [ 3.894207] qla2xxx [0000:13:00.0]-00fc:0: ISP2432: PCIe (2.5GT/s x4) @ 0000:13:00.0 hdma+ host#=0 fw=7.03.00 (9496). >> > [ 5.714774] qla2xxx [0000:13:00.0]-500a:0: LOOP UP detected (4 Gbps). >> >> Bruno: Does that mean you actually tested that patch and it fixed the >> problem for you? It looks like it, but there is some confusion about it; >> that's one of the reasons why this patch didn't get any further yet >> afaics, so a quick clarification might help to finally get this fixed >> properly in mainline and stable. > Yes, it does fix the Oops for me. Thx for the feedback. The patch hit mainline late last week (it's included in rc7) and should hopefully make it to the stable trees in a week or two. > I did not analyze the reason why rsp->msix is NULL (no idea if > it remains NULL forever on my hardware) - I just extracted messages > from qla driver shown during boot which seem to indicate a possible > reason why msix is NULL. > Further analysis should be done by someone with better knowledge of qla > driver than mine though I would be happy to perform tests. I have no idea about the details, but in case you missed it, this discussion might have some more relevant details: http://thread.gmane.org/gmane.linux.kernel/2247804/focus=2250727 Cheers, Thorsten
Powered by blists - more mailing lists