summaryrefslogtreecommitdiff
path: root/drivers
diff options
context:
space:
mode:
authorWei Fang <fangwei1@huawei.com>2016-07-06 12:00:25 +0300
committerMartin K. Petersen <martin.petersen@oracle.com>2016-07-21 03:53:35 +0300
commit354a086d9369cb7471790fa047665884f2bc6d79 (patch)
tree50ddfb91b7794b71fb436eceab099018a157032a /drivers
parentdd7328e4c53649c1c7ec36bc1cf5b229b8662047 (diff)
downloadlinux-354a086d9369cb7471790fa047665884f2bc6d79.tar.xz
scsi:libsas: fix oops caused by assigning a freed task to ->lldd_task
A freed task has been assigned to ->lldd_task when lldd_execute_task() failed in sas_ata_qc_issue(), and access of ->lldd_task will cause an oops: Call trace: [<ffffffc000641f64>] sas_ata_post_internal+0x6c/0x150 [<ffffffc0006c0d64>] ata_exec_internal_sg+0x32c/0x588 [<ffffffc0006c1048>] ata_exec_internal+0x88/0xe8 [<ffffffc0006c13b4>] ata_dev_read_id+0x204/0x5e0 [<ffffffc0006c17f0>] ata_dev_reread_id+0x60/0xc8 [<ffffffc0006c3098>] ata_dev_revalidate+0x88/0x1e0 [<ffffffc0006cf828>] ata_eh_recover+0xcf8/0x13a8 [<ffffffc0006d075c>] ata_do_eh+0x5c/0xe0 [<ffffffc0006d0828>] ata_std_error_handler+0x48/0x98 [<ffffffc0006d042c>] ata_scsi_port_error_handler+0x474/0x658 [<ffffffc000641b78>] async_sas_ata_eh+0x50/0x80 [<ffffffc0000ca664>] async_run_entry_fn+0x64/0x180 [<ffffffc0000c085c>] process_one_work+0x164/0x438 [<ffffffc0000c0c74>] worker_thread+0x144/0x4b0 [<ffffffc0000c70fc>] kthread+0xfc/0x110 Fix this by reassigning NULL to ->lldd_task in error path. Signed-off-by: Wei Fang <fangwei1@huawei.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/scsi/libsas/sas_ata.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
index 935c43095109..596a5450f0eb 100644
--- a/drivers/scsi/libsas/sas_ata.c
+++ b/drivers/scsi/libsas/sas_ata.c
@@ -253,6 +253,7 @@ static unsigned int sas_ata_qc_issue(struct ata_queued_cmd *qc)
if (qc->scsicmd)
ASSIGN_SAS_TASK(qc->scsicmd, NULL);
sas_free_task(task);
+ qc->lldd_task = NULL;
ret = AC_ERR_SYSTEM;
}