From 354a086d9369cb7471790fa047665884f2bc6d79 Mon Sep 17 00:00:00 2001
From: Wei Fang
Date: Wed, 6 Jul 2016 17:00:25 +0800
Subject: [PATCH] scsi:libsas: fix oops caused by assigning a freed task to ->lldd_task

A freed task has been assigned to ->lldd_task when lldd_execute_task() failed in sas_ata_qc_issue(), and access of ->lldd_task will cause an oops:

Call trace:
[] sas_ata_post_internal+0x6c/0x150
[] ata_exec_internal_sg+0x32c/0x588
[] ata_exec_internal+0x88/0xe8
[] ata_dev_read_id+0x204/0x5e0
[] ata_dev_reread_id+0x60/0xc8
[] ata_dev_revalidate+0x88/0x1e0
[] ata_eh_recover+0xcf8/0x13a8
[] ata_do_eh+0x5c/0xe0
[] ata_std_error_handler+0x48/0x98
[] ata_scsi_port_error_handler+0x474/0x658
[] async_sas_ata_eh+0x50/0x80
[] async_run_entry_fn+0x64/0x180
[] process_one_work+0x164/0x438
[] worker_thread+0x144/0x4b0
[] kthread+0xfc/0x110

Fix this by reassigning NULL to ->lldd_task in error path.

Signed-off-by: Wei Fang
Signed-off-by: Martin K. Petersen
---
 drivers/scsi/libsas/sas_ata.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
index 935c43095109..596a5450f0eb 100644
--- a/drivers/scsi/libsas/sas_ata.c
+++ b/drivers/scsi/libsas/sas_ata.c
@@ -253,6 +253,7 @@ static unsigned int sas_ata_qc_issue(struct ata_queued_cmd *qc)
 if (qc->scsicmd)
 ASSIGN_SAS_TASK(qc->scsicmd, NULL);
 sas_free_task(task);
+ qc->lldd_task = NULL;
 ret = AC_ERR_SYSTEM;
 }
-- 
2.20.1
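Review bot: The added `qc->lldd_task = NULL;` comes after `sas_free_task(task);`, so between the free and the store qc still carries a pointer to released memory, whereas the neighbouring `ASSIGN_SAS_TASK(qc->scsicmd, NULL)` in the same error path clears its reference before the object is freed. Whether another context (the EH path in the description's trace reads ->lldd_task in sas_ata_post_internal) can observe qc during that window is not visible in the hunk, but clearing the reference before releasing the object costs nothing and removes the question: move the line to read `qc->lldd_task = NULL;` directly above `sas_free_task(task);`. A short why-comment on it, such as `/* drop qc's reference before the task is freed; EH reads ->lldd_task */`, would keep a future reorder from reintroducing the dangling pointer. sas_ata_qc_issue begins and ends outside the hunk.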