On Sun, Dec 15, 2019 at 12:32:25PM -0500, Sasha Levin wrote:
On Sat, Dec 14, 2019 at 04:04:57PM +0100, gregkh@linuxfoundation.org wrote:
The patch below does not apply to the 5.3-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From f45bca8c5052e8c59bab64ee90c44441678b9a52 Mon Sep 17 00:00:00 2001
From: Quinn Tran <qutran@marvell.com>
Date: Tue, 5 Nov 2019 07:06:54 -0800
Subject: [PATCH] scsi: qla2xxx: Fix double scsi_done for abort path
Current code assumes abort will remove the original command from the active list where scsi_done will not be called. Instead, the eh_abort thread will do the scsi_done. That is not the case. Instead, we have double scsi_done calls triggering use after free.
Abort will tell FW to release the command from FW possession. The original command will return to ULP with error in its normal fashion via scsi_done. eh_abort path would wait for the original command completion before returning. eh_abort path will not perform the scsi_done call.
Fixes: 219d27d7147e0 ("scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands")
Cc: stable@vger.kernel.org # 5.2
Link: https://lore.kernel.org/r/20191105150657.8092-6-hmadhani@marvell.com
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
I took these two additional patches to resolve the conflict:
85cffefa09e4 ("scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command")
bdb61b9b944d ("scsi: qla2xxx: Introduce the function qla2xxx_init_sp()")
Thanks for fixing up all of these scsi patches, much appreciated.
greg k-h