lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Mar 2019 12:13:31 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Bill Kuzeja <william.kuzeja@...atus.com>, Giridhar Malavali <gmalavali@...vell.com>, Himanshu Madhani <hmadhani@...vell.com>, "Martin K. Petersen" <martin.petersen@...cle.com>, Sasha Levin <sashal@...nel.org> Subject: [PATCH 4.19 058/280] scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit 388a49959ee4e4e99f160241d9599efa62cd4299 ] In qla2x00_async_tm_cmd, we reference off sp after it has been freed. This caused a panic on a system running a slub debug kernel. Since fcport is passed in anyways, just use that instead. Signed-off-by: Bill Kuzeja <william.kuzeja@...atus.com> Acked-by: Giridhar Malavali <gmalavali@...vell.com> Acked-by: Himanshu Madhani <hmadhani@...vell.com> Signed-off-by: Martin K. Petersen <martin.petersen@...cle.com> Signed-off-by: Sasha Levin <sashal@...nel.org> --- drivers/scsi/qla2xxx/qla_init.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 5352c9bbcaf7..2271a2cd29d2 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -1719,13 +1719,13 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint32_t lun, /* Issue Marker IOCB */ qla2x00_marker(vha, vha->hw->req_q_map[0], - vha->hw->rsp_q_map[0], sp->fcport->loop_id, lun, + vha->hw->rsp_q_map[0], fcport->loop_id, lun, flags == TCF_LUN_RESET ? MK_SYNC_ID_LUN : MK_SYNC_ID); } done_free_sp: sp->free(sp); - sp->fcport->flags &= ~FCF_ASYNC_SENT; + fcport->flags &= ~FCF_ASYNC_SENT; done: return rval; } -- 2.19.1
Powered by blists - more mailing lists