lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190327090254.10365-1-kai.heng.feng@canonical.com>
Date:   Wed, 27 Mar 2019 17:02:54 +0800
From:   Kai-Heng Feng <kai.heng.feng@...onical.com>
To:     axboe@...nel.dk
Cc:     linux-ide@...r.kernel.org, linux-kernel@...r.kernel.org,
        Kai-Heng Feng <kai.heng.feng@...onical.com>,
        stable@...r.kernel.org
Subject: [PATCH] libata: Return correct rc status in sata_pmp_eh_recover_pm() pwhen ATA_DFLAG_DETACH is set

During system resume from suspend, this can be observed on ASM1062 PMP
controller:
<6>[12007.593358] ata10.01: SATA link down (SStatus 0 SControl 330)
<6>[12007.593469] ata10.02: hard resetting link
<6>[12007.908353] ata10.02: SATA link down (SStatus 0 SControl 330)
<6>[12007.911149] ata10.00: configured for UDMA/133
<0>[12007.972508] Kernel panic - not syncing: stack-protector: Kernel
stack is corrupted in: sata_pmp_eh_recover+0xa2b/0xa40
<0>[12007.972508]
<4>[12007.972515] CPU: 2 PID: 230 Comm: scsi_eh_9 Tainted: P OE
4.15.0-46-generic #49-Ubuntu
<4>[12007.972517] Hardware name: System manufacturer System Product
Name/A320M-C, BIOS 1001 12/10/2017
<4>[12007.972518] Call Trace:
<4>[12007.972525] dump_stack+0x63/0x8b
<4>[12007.972530] panic+0xe4/0x244
<4>[12007.972533] ? sata_pmp_eh_recover+0xa2b/0xa40
<4>[12007.972536] __stack_chk_fail+0x19/0x20
<4>[12007.972538] sata_pmp_eh_recover+0xa2b/0xa40
<4>[12007.972543] ? ahci_do_softreset+0x260/0x260 [libahci]
<4>[12007.972545] ? ahci_do_hardreset+0x140/0x140 [libahci]
<4>[12007.972547] ? ata_phys_link_offline+0x60/0x60
<4>[12007.972549] ? ahci_stop_engine+0xc0/0xc0 [libahci]
<4>[12007.972552] sata_pmp_error_handler+0x22/0x30
<4>[12007.972554] ahci_error_handler+0x45/0x80 [libahci]
<4>[12007.972556] ata_scsi_port_error_handler+0x29b/0x770
<4>[12007.972558] ? ata_scsi_cmd_error_handler+0x101/0x140
<4>[12007.972559] ata_scsi_error+0x95/0xd0
<4>[12007.972562] ? scsi_try_target_reset+0x90/0x90
<4>[12007.972563] scsi_error_handler+0xd0/0x5b0
<4>[12007.972566] kthread+0x121/0x140
<4>[12007.972567] ? scsi_eh_get_sense+0x200/0x200
<4>[12007.972569] ? kthread_create_worker_on_cpu+0x70/0x70
<4>[12007.972572] ret_from_fork+0x22/0x40
<0>[12007.972591] Kernel Offset: 0xcc00000 from 0xffffffff81000000
(relocation range: 0xffffffff80000000-0xffffffffbfffffff)

Since sata_pmp_eh_recover_pmp() doens't set rc when ATA_DFLAG_DETACH is
set, sata_pmp_eh_recover() continues to run. During retry it triggers
the stack protector.

Set correct rc in sata_pmp_eh_recover_pmp() to let sata_pmp_eh_recover()
jump to pmp_fail directly.

BugLink: https://bugs.launchpad.net/bugs/1821434
Cc: stable@...r.kernel.org
Signed-off-by: Kai-Heng Feng <kai.heng.feng@...onical.com>
---
 drivers/ata/libata-pmp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/ata/libata-pmp.c b/drivers/ata/libata-pmp.c
index 2ae1799f4992..51eeaea65833 100644
--- a/drivers/ata/libata-pmp.c
+++ b/drivers/ata/libata-pmp.c
@@ -764,6 +764,7 @@ static int sata_pmp_eh_recover_pmp(struct ata_port *ap,
 
 	if (dev->flags & ATA_DFLAG_DETACH) {
 		detach = 1;
+		rc = -ENODEV;
 		goto fail;
 	}
 
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ