diff options
| author | Andrew Vasquez <andrew.vasquez@qlogic.com> | 2010-02-18 10:07:26 -0800 |
|---|---|---|
| committer | James Bottomley <James.Bottomley@suse.de> | 2010-02-19 10:46:35 -0600 |
| commit | 715848ca6fffeb6362a50887d9c26245bd5dfba9 (patch) | |
| tree | 36ac766a39b039402f948b092f771bf00fbf3cf3 /drivers/scsi/qla2xxx/qla_gbl.h | |
| parent | 55e5ed273d758c62d2f1fad47c73716039f7c01c (diff) | |
| download | linux-715848ca6fffeb6362a50887d9c26245bd5dfba9.tar.bz2 | |
[SCSI] qla2xxx: Correct use-after-free issue in terminate_rport_io callback.
The explicit logout (LOGO) issued at the end of the callback will
flush (via normal scsi_cmnd->done()) any outstanding commands
(FCP2) the firmware is holding. While iterating through the
outstanding_cmnd array in qla2x00_abort_fcport_cmds(), locking
and unlocking of the hardware spinlock, opens-up the driver to
cases where the processed SRB (sp) could be used after the
command completed from interrupt context.
Cc: stable@kernel.org
Signed-off-by: Andrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: Giridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Diffstat (limited to 'drivers/scsi/qla2xxx/qla_gbl.h')
| -rw-r--r-- | drivers/scsi/qla2xxx/qla_gbl.h | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h index b42e704bdca9..238f353b6b42 100644 --- a/drivers/scsi/qla2xxx/qla_gbl.h +++ b/drivers/scsi/qla2xxx/qla_gbl.h @@ -96,7 +96,6 @@ extern int qla2x00_post_uevent_work(struct scsi_qla_host *, u32); extern int qla81xx_restart_mpi_firmware(scsi_qla_host_t *); -extern void qla2x00_abort_fcport_cmds(fc_port_t *); extern struct scsi_qla_host *qla2x00_create_host(struct scsi_host_template *, struct qla_hw_data *); extern void qla2x00_free_host(struct scsi_qla_host *); |