[patch] qla1280 crash fix in error handling

From: Jes Sorensen
Date: Wed Dec 17 2003 - 08:28:40 EST


Hi,

The following patch fixes a big in the qla1280 driver where it would
leave a pointer to an on the stack completion event in a command
structure if qla1280_mailbox_command fails. The result is that the
interrupt handler later tries to complete() garbage on the stack. The
mailbox command can fail if a device on the bus decides to lock up etc.

Patch relative to 2.6.0-test11 but should apply to the current BK tree
as well.

Cheers,
Jes

--- linux-2.6.0-test11/drivers/scsi/orig/qla1280.c Wed Dec 17 05:14:18 2003
+++ linux-2.6.0-test11/drivers/scsi/qla1280.c Wed Dec 17 05:20:02 2003
@@ -16,9 +16,13 @@
* General Public License for more details.
*
******************************************************************************/
-#define QLA1280_VERSION "3.23.37"
+#define QLA1280_VERSION "3.23.37.1"
/*****************************************************************************
Revision History:
+ Rev 3.23.37.1 December 17, 2003, Jes Sorensen
+ - Delete completion queue from srb if mailbox command failed to
+ to avoid qla1280_done completeting qla1280_error_action's
+ obsolete context
Rev 3.23.37 October 1, 2003, Jes Sorensen
- Make MMIO depend on CONFIG_X86_VISWS instead of yet another
random CONFIG option
@@ -1464,8 +1468,15 @@
/* If we didn't manage to issue the action, or we have no
* command to wait for, exit here */
if (result == FAILED || handle == NULL ||
- handle == (unsigned char *)INVALID_HANDLE)
+ handle == (unsigned char *)INVALID_HANDLE) {
+ /*
+ * Clear completion queue to avoid qla1280_done() trying
+ * to complete the command at a later stage after we
+ * have exited the current context
+ */
+ sp->wait = NULL;
goto leave;
+ }

/* set up a timer just in case we're really jammed */
init_timer(&timer);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/