** Changed in: kunpeng920/ubuntu-20.04
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1853992

Title:
  [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()

Status in kunpeng920:
  Fix Committed
Status in kunpeng920 ubuntu-18.04 series:
  Fix Released
Status in kunpeng920 ubuntu-18.04-hwe series:
  Fix Released
Status in kunpeng920 ubuntu-19.04 series:
  Fix Released
Status in kunpeng920 ubuntu-19.10 series:
  Fix Released
Status in kunpeng920 ubuntu-20.04 series:
  Fix Released
Status in kunpeng920 upstream-kernel series:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Disco:
  Fix Released
Status in linux source package in Eoan:
  Fix Released
Status in linux source package in Focal:
  Fix Released

Bug description:
  [Impact]
  Potential NULL-pointer dereference.

  [Test Case]
  No known test case, but the issue is clear from code reading.

  [Fix]
  445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()

  [Regression Risk]
  Patch restricted to hisi_sas driver.


  [Bug Description]
  The sas KASAN test will produce this out-of-bounds error in the sas module

  [Steps to Reproduce]
  1) enable this KASAN
  2)
  3)

  [Actual Results]
  [30293.504016] sas: ata464: end_device-2:2:6: dev error handler
  [30293.504041] sas: ata465: end_device-2:2:7: dev error handler
  [30293.504059] sas: ata466: end_device-2:2:8: dev error handler
  [30293.538746] ==================================================================
  [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250
  [30293.558642] Read of size 8 at addr ffffb72e47233540 by task kworker/u193:3/79165
  [30293.566004]
  [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: G    B      O      5.1.0-rc1-g7a3fab8-dirty #1
  [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019
  [30293.586037] Workqueue: events_unbound async_run_entry_fn
  [30293.591331] Call trace:
  [30293.593770]  dump_backtrace+0x0/0x1f8
  [30293.597419]  show_stack+0x14/0x20
  [30293.600726]  dump_stack+0xc4/0xfc
  [30293.604032]  print_address_description+0x60/0x258
  [30293.608716]  kasan_report+0x164/0x1b8
  [30293.612366]  __asan_load8+0x84/0xa8
  [30293.615842]  hisi_sas_debug_I_T_nexus_reset+0xcc/0x250
  [30293.620961]  hisi_sas_I_T_nexus_reset+0xc4/0x170
  [30293.625562]  sas_ata_hard_reset+0x88/0x178
  [30293.629646]  ata_do_reset.constprop.6+0x80/0x90
  [30293.634160]  ata_eh_reset+0x71c/0x10e8
  [30293.637897]  ata_eh_recover+0x3d0/0x1a80
  [30293.641804]  ata_do_eh+0x50/0xd0
  [30293.645020]  ata_std_error_handler+0x78/0xa8
  [30293.649273]  ata_scsi_port_error_handler+0x288/0x930
  [30293.654216]  async_sas_ata_eh+0x68/0x90
  [30293.658040]  async_run_entry_fn+0x7c/0x1c0
  [30293.662121]  process_one_work+0x3c0/0x878
  [30293.666115]  worker_thread+0x70/0x670
  [30293.669762]  kthread+0x1b0/0x1b8
  [30293.672978]  ret_from_fork+0x10/0x18
  [30293.676541]
  [30293.678027] Allocated by task 16690:
  [30293.681593]  __kasan_kmalloc.isra.0+0xd4/0x188
  [30293.686018]  kasan_kmalloc+0xc/0x18
  [30293.689496]  __kmalloc_node_track_caller+0x5c/0x98
  [30293.694270]  devm_kmalloc+0x44/0xb8
  [30293.697746]  hisi_sas_v3_probe+0x2ec/0x698
  [30293.701828]  local_pci_probe+0x74/0xf0
  [30293.705562]  work_for_cpu_fn+0x2c/0x48
  [30293.709300]  process_one_work+0x3c0/0x878
  [30293.713294]  worker_thread+0x400/0x670
  [30293.717027]  kthread+0x1b0/0x1b8
  [30293.720241]  ret_from_fork+0x10/0x18
  [30293.723801]
  [30293.725287] Freed by task 16227:
  [30293.728503]  __kasan_slab_free+0x108/0x210
  [30293.732583]  kasan_slab_free+0x10/0x18
  [30293.736318]  kfree+0x74/0x150
  [30293.739276]  devres_free+0x34/0x48
  [30293.742665]  devres_release+0x38/0x60
  [30293.746313]  devm_pinctrl_put+0x34/0x58
  [30293.750136]  pinctrl_bind_pins+0x164/0x248
  [30293.754214]  really_probe+0xc0/0x3b0
  [30293.757777]  driver_probe_device+0x70/0x138
  [30293.761944]  __device_attach_driver+0xc0/0xe0
  [30293.766285]  bus_for_each_drv+0xcc/0x150
  [30293.770194]  __device_attach+0x154/0x1c0
  [30293.774101]  device_initial_probe+0x10/0x18
  [30293.778270]  bus_probe_device+0xec/0x100
  [30293.782178]  device_add+0x5f8/0x9b8
  [30293.785658]  scsi_sysfs_add_sdev+0xa4/0x310
  [30293.789825]  scsi_probe_and_add_lun+0xe60/0x1240
  [30293.794425]  __scsi_scan_target+0x1ac/0x780
  [30293.798591]  scsi_scan_target+0x134/0x140
  [30293.802586]  sas_rphy_add+0x1fc/0x2c8
  [30293.806234]  sas_probe_devices+0x10c/0x1e8
  [30293.810313]  sas_discover_domain+0x754/0x998
  [30293.814567]  process_one_work+0x3c0/0x878
  [30293.818560]  worker_thread+0x70/0x670
  [30293.822207]  kthread+0x1b0/0x1b8
  [30293.825423]  ret_from_fork+0x10/0x18
  [30293.828983]
  [30293.830473] The buggy address belongs to the object at ffffb72e47233480
  [30293.830473]  which belongs to the cache kmalloc-256 of size 256
  [30293.842934] The buggy address is located 192 bytes inside of
  [30293.842934]  256-byte region [ffffb72e47233480, ffffb72e47233580)
  [30293.854617] The buggy address belongs to the page:
  [30293.859388] page:ffff7edcb91c8cc0 count:1 mapcount:0 mapping:ffff972e5f000200 index:0x0
  [30293.867360] flags: 0xdfffe00000000200(slab)
  [30293.871533] raw: dfffe00000000200 ffff7edcb915ca48 ffff7edcb93fdc08 ffff972e5f000200

  [Expected Results]

  [Reproducibility]

  [Additional information]
  (Firmware version, kernel version, affected hardware, etc. if required):

  [Resolution]

  scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()

To manage notifications about this bug go to:
https://bugs.launchpad.net/kunpeng920/+bug/1853992/+subscriptions
