On Mon, Nov 21, 2016 at 07:01:36AM +0100, Juergen Gross wrote:
> On 19/11/16 19:22, Quentin Lambert wrote:
> > Most error branches following the call to kmalloc contain
> > a call to kfree. This patch add these calls where they are
> > missing.
> >
> > This issue was found with Hector.
> >
> > Si
Hello,
The following program triggers use-after-free in bio_copy_from_iter:
https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
==
BUG: KASAN: use-af
- Original Message -
> From: "Ewan Milne"
> To: "Johannes Thumshirn"
> Cc: "Laurence Oberman" , "Eyal Ben David"
> , dgilb...@interlog.com,
> linux-scsi@vger.kernel.org
> Sent: Friday, November 25, 2016 12:56:16 PM
> Subject: Re: SG does not ignore dxferp (direct io + mmap)
>
> >> ---
>> ---
>>
>> In other words, this commit made the bad behavior go away in 4.8.
>> Need to look at this in more detail, it doesn't appear as if this patch
>> was intended to fix such a problem.
>>
>> -Ewan
>
>Are you sure it did? I can repropduce copy_to_user() errors with 4.8 as well.
>Using the
> "Mauricio" == Mauricio Faria de Oliveira
> writes:
Mauricio> The BUG_ON() recently introduced in lpfc_sli_ringtxcmpl_put()
Mauricio> is hit in the lpfc_els_abort() > lpfc_sli_issue_abort_iotag()
Mauricio> > lpfc_sli_abort_iotag_issue() function path [similar names],
Mauricio> due to 'p
> "Dan" == Dan Carpenter writes:
Dan> We verified that resp_code is FC_SPP_RESP_ACK earlier so we don't
Dan> need to check again here.
Applied to 4.10/scsi-queue.
--
Martin K. Petersen Oracle Linux Engineering
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
- Original Message -
> From: "Eyal Ben David"
> To: "Johannes Thumshirn"
> Cc: "Ewan D. Milne" , "Laurence Oberman"
> , dgilb...@interlog.com,
> linux-scsi@vger.kernel.org
> Sent: Friday, November 25, 2016 7:36:34 AM
> Subject: Re: SG does not ignore dxferp (direct io + mmap)
>
> On F
> "Martin" == Martin K Petersen writes:
Hi Bart,
Martin> Applied to 4.10/scsi-queue.
2/2 needs a rebase and I'm not going to do another one this late in the
cycle. Please resend this patch once we hit 4.10 rc1.
Thanks!
--
Martin K. Petersen Oracle Linux Engineering
--
To unsubscribe
> "Bart" == Bart Van Assche writes:
Bart> The SRP transport code must wait until ongoing .queuecommand() /
Bart> .queue_rq() callback function invocations have finished before
Bart> reconnecting at the transport layer level and also before invoking
Bart> .terminate_rport_io(). This is already
> "Zhangfei" == Zhangfei Gao writes:
Applied to 4.10/scsi-queue.
--
Martin K. Petersen Oracle Linux Engineering
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/
> "John" == John Garry writes:
John> I think that these 2 outstanding issues have been
John> addressed. Please let me know if there is anything else.
Series applied to 4.10/scsi-queue.
--
Martin K. Petersen Oracle Linux Engineering
--
To unsubscribe from this list: send the line "unsu
Hello everybody,
I am trying to find the mapping for ata22.00. due to some repeated issues:
# 3.16.36-1+deb8u2~bpo70+1 crazing down
http://paste.debian.net/hidden/54c12fae/
# smart status 16 disks WDC 1TB RE SATA
http://paste.debian.net/hidden/8bfe8d2f/
"[473315.445703] ata22.00: exception Ema
On Fri, Nov 25, 2016 at 1:53 PM, Johannes Thumshirn wrote:
> On Fri, Nov 25, 2016 at 01:20:34PM +0200, Eyal Ben David wrote:
>> Note that sg_mmap_read does not parse the SCSI sense, so the script
>> might fail for other reasons (some SCSI error) and think its a zero
>> byte corruption.
>
> But SCS
On Fri, Nov 25, 2016 at 12:53:17PM +0100, Johannes Thumshirn wrote:
> On Fri, Nov 25, 2016 at 01:20:34PM +0200, Eyal Ben David wrote:
> > Note that sg_mmap_read does not parse the SCSI sense, so the script
> > might fail for other reasons (some SCSI error) and think its a zero
> > byte corruption.
Most error branches following the call to kzalloc contain
a call to kfree. This patch add these calls where they are
missing and set the relevant pointers to NULL.
This issue was found with Hector.
Signed-off-by: Quentin Lambert
---
v2: set the point to NULL after having freed it
drivers/scsi
On Fri, Nov 25, 2016 at 01:20:34PM +0200, Eyal Ben David wrote:
> Note that sg_mmap_read does not parse the SCSI sense, so the script
> might fail for other reasons (some SCSI error) and think its a zero
> byte corruption.
But SCSI generic checks for errors and returns -EINVAL on CHECK_CONDITION o
On 22/11/2016 22:01, Martin K. Petersen wrote:
"John" == John Garry writes:
John,
John> Are you happy with this patchset now that I've got an external
John> review?
Zhangfei Geo asked a question about patch 1/11 that has yet to be
answered. Patch 5/11 is still unreviewed.
Hi Martin,
I th
https://bugzilla.kernel.org/show_bug.cgi?id=189061
Bug ID: 189061
Summary: Function snic_probe() does not set set code when the
call to mempool_create_slab_pool() fails
Product: SCSI Drivers
Version: 2.5
Kernel Version: linux-4.9
https://bugzilla.kernel.org/show_bug.cgi?id=189051
Bug ID: 189051
Summary: Function fnic_probe() does not set set code when the
call to mempool_create_slab_pool() fails
Product: SCSI Drivers
Version: 2.5
Kernel Version: linux-4.9
Note that sg_mmap_read does not parse the SCSI sense, so the script
might fail for other reasons (some SCSI error) and think its a zero
byte corruption.
If you think an improved version could help (compare results within
the program + parse senses) I can help.
On Fri, Nov 25, 2016 at 10:07 AM,
https://bugzilla.kernel.org/show_bug.cgi?id=188961
Bug ID: 188961
Summary: Function mvs_task_prep() returns improper values on
failures
Product: SCSI Drivers
Version: 2.5
Kernel Version: linux-4.9-rc6
Hardware: All
https://bugzilla.kernel.org/show_bug.cgi?id=188951
Bug ID: 188951
Summary: Function beiscsi_create_eqs() may return improper
value when the call to pci_alloc_consistent() fails,
which may result in use-after-free
Product: SC
https://bugzilla.kernel.org/show_bug.cgi?id=189001
Bug ID: 189001
Summary: Function twl_probe() does not set error codes on some
failures
Product: SCSI Drivers
Version: 2.5
Kernel Version: linux-4.9-rc6
Hardware: All
https://bugzilla.kernel.org/show_bug.cgi?id=188941
Bug ID: 188941
Summary: Function beiscsi_create_cqs() may return improper
value when the call to pci_alloc_consistent() fails,
which may result in use-after-free
Product: SC
https://bugzilla.kernel.org/show_bug.cgi?id=188861
Bug ID: 188861
Summary: Function csio_config_device_caps() does not set error
codes on failures
Product: SCSI Drivers
Version: 2.5
Kernel Version: linux-4.9-rc6
Hardwar
https://bugzilla.kernel.org/show_bug.cgi?id=188851
Bug ID: 188851
Summary: Function twa_probe() does not set error codes on
failures
Product: SCSI Drivers
Version: 2.5
Kernel Version: linux-4.9-rc6
Hardware: All
https://bugzilla.kernel.org/show_bug.cgi?id=188681
Bug ID: 188681
Summary: Function csio_hw_flash_erase_sectors() does not return
correct error codes on failures
Product: SCSI Drivers
Version: 2.5
Kernel Version: linux-4.9-rc6
On Thu, Nov 24, 2016 at 01:52:38PM +0300, Dan Carpenter wrote:
> We verified that resp_code is FC_SPP_RESP_ACK earlier so we don't need
> to check again here.
>
> Signed-off-by: Dan Carpenter
>
Looks good,
Acked-by: Johannes Thumshirn
--
Johannes Thumshirn
On Wed, Nov 23, 2016 at 03:22:04PM -0500, Ewan Milne wrote:
[...]
> ---
>
> In other words, this commit made the bad behavior go away in 4.8.
> Need to look at this in more detail, it doesn't appear as if this patch
> was intended to fix such a problem.
>
> -Ewan
Are you sure it did? I can rep
29 matches
Mail list logo