scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
stable inclusion from stable-v4.19.218 commit b291d147d0268e93ad866f8bc820ea14497abc9b category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9FNFI CVE: CVE-2021-47203 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b291d147d0268e93ad866f8bc820ea14497abc9b -------------------------------- [ Upstream commit 99154581 ] When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local "fail_msg" string is set and a log message output. The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since "fail_msg" remains set, jobs are added to the completions list regardless of whether a wqe was passed to the adapter. If successfully added to txcmplq, jobs are added to both lists resulting in list corruption. Fix by clearing the fail_msg string after adding a job to the completions list. This stops the subsequent jobs from being added to the completions list unless they had an appropriate failure. Link: https://lore.kernel.org/r/20210910233159.115896-2-jsmart2021@gmail.com Co-developed-by:Justin Tee <justin.tee@broadcom.com> Signed-off-by:
Loading
Please sign in to comment