• Dr. Greg Wettstein's avatar
    qla2xxx: Fix kernel panic on selective retransmission request · 6f58c780
    Dr. Greg Wettstein authored
    A selective retransmission request (SRR) is a fibre-channel
    protocol control request which provides support for requesting
    retransmission of a data sequence in response to an issue such as
    frame loss or corruption.  These events are experienced
    infrequently in fibre-channel based networks which makes
    it difficult to test and assess codepaths which handle these
    events.
    
    We were fortunate enough, for some definition of fortunate, to
    have a metro-area single-mode SAN link which, at 10 GBPS
    sustained load levels, would consistently generate SRR's in
    a SCST based target implementation using our SCST/in-kernel
    Qlogic target interface driver.  In response to an SRR the
    in-kernel Qlogic target driver immediately panics resulting
    in a catastrophic storage failure for serviced initiators.
    
    The culprit was a debug statement in the qla_target.c file which
    does not verify that a pointer to the SCSI CDB is not null.
    The unchecked pointer dereference results in the kernel panic
    and resultant system failure.
    
    The other two references to the SCSI CDB by the SRR handling code
    use a ternary operator to verify a non-null pointer is being
    acted on.  This patch simply adds a similar test to the implicated
    debug statement.
    
    This patch is a candidate for any stable kernel being maintained
    since it addresses a potentially catastrophic event with
    minimal downside.
    Signed-off-by: default avatarDr. Greg Wettstein <greg@enjellic.com>
    Cc: <stable@vger.kernel.org> #3.5+
    Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
    6f58c780
qla_target.c 135 KB