Commit 0e70f996 authored by Jes Sorensen, committed by Linus Torvalds

[PATCH] qla1280 crash fix in error handling

This fixes a bug in the qla1280 driver where it would leave a pointer to
an on-the-stack completion event in a command structure if
qla1280_mailbox_command fails.  The result is that the interrupt handler
later tries to complete() garbage on the stack.  The mailbox command can
fail if a device on the bus decides to lock up etc.
parent f75da5af
...@@ -16,9 +16,13 @@ ...@@ -16,9 +16,13 @@
* General Public License for more details. * General Public License for more details.
* *
******************************************************************************/ ******************************************************************************/
#define QLA1280_VERSION "3.23.37" #define QLA1280_VERSION "3.23.37.1"
/***************************************************************************** /*****************************************************************************
Revision History: Revision History:
Rev 3.23.37.1 December 17, 2003, Jes Sorensen
- Delete completion queue from srb if mailbox command failed to
to avoid qla1280_done completeting qla1280_error_action's
obsolete context
Rev 3.23.37 October 1, 2003, Jes Sorensen Rev 3.23.37 October 1, 2003, Jes Sorensen
- Make MMIO depend on CONFIG_X86_VISWS instead of yet another - Make MMIO depend on CONFIG_X86_VISWS instead of yet another
random CONFIG option random CONFIG option
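Review bot: The new Rev 3.23.37.1 changelog entry has a doubled word ("failed to" followed by "to avoid" on the next line) and misspells "completing" as "completeting"; both are worth fixing before this lands. The entry also says "Delete completion queue from srb", while the code change only resets a pointer (sp->wait = NULL), so wording such as "Clear the srb wait pointer if the mailbox command failed" would describe the change more accurately.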
...@@ -1464,8 +1468,15 @@ qla1280_error_action(Scsi_Cmnd * cmd, enum action action) ...@@ -1464,8 +1468,15 @@ qla1280_error_action(Scsi_Cmnd * cmd, enum action action)
/* If we didn't manage to issue the action, or we have no /* If we didn't manage to issue the action, or we have no
* command to wait for, exit here */ * command to wait for, exit here */
if (result == FAILED || handle == NULL || if (result == FAILED || handle == NULL ||
handle == (unsigned char *)INVALID_HANDLE) handle == (unsigned char *)INVALID_HANDLE) {
/*
* Clear completion queue to avoid qla1280_done() trying
* to complete the command at a later stage after we
* have exited the current context
*/
sp->wait = NULL;
goto leave; goto leave;
}
/* set up a timer just in case we're really jammed */ /* set up a timer just in case we're really jammed */
init_timer(&timer); init_timer(&timer);
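Review bot: The reset of sp->wait covers only the early-exit branch (result == FAILED, handle == NULL or INVALID_HANDLE), but the context lines right after it set up a timer "just in case we're really jammed", which implies the wait can also end without the command having completed. If that timeout path returns with sp->wait still pointing at the on-stack completion, qla1280_done() can hit the same stale pointer, so please confirm that path clears sp->wait as well, or move the reset to the common "leave" exit. It is also not visible in this hunk whether the store to sp->wait is made under the same lock that qla1280_done() holds when it reads the field; if it is not, the interrupt handler could still observe the old value.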
......