[sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
kunpeng920 | Fix Released | Undecided | Unassigned |
Ubuntu-18.04 | Fix Released | Undecided | Ike Panhc |
Ubuntu-18.04-hwe | Fix Released | Undecided | Ike Panhc |
Ubuntu-19.04 | Fix Released | Undecided | Ike Panhc |
Ubuntu-19.10 | Fix Released | Undecided | Ike Panhc |
Ubuntu-20.04 | Fix Released | Undecided | Unassigned |
Upstream-kernel | Fix Released | Undecided | Unassigned |
linux (Ubuntu) | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Ike Panhc |
Disco | Fix Released | Undecided | Ike Panhc |
Eoan | Fix Released | Undecided | Ike Panhc |
Focal | Fix Released | Undecided | Unassigned |
Bug Description
[Impact]
Potential NULL-pointer dereference.
[Test Case]
No known test case, but the issue is clear from code reading.
[Fix]
445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_
[Regression Risk]
Patch restricted to hisi_sas driver.
[Bug Description]
sas kasan test will produce this out of bounds in sas module
[Steps to Reproduce]
1) enable this kasan
2)
3)
[Actual Results]
[30293.504016] sas: ata464: end_device-2:2:6: dev error handler
[30293.504041] sas: ata465: end_device-2:2:7: dev error handler
[30293.504059] sas: ata466: end_device-2:2:8: dev error handler
[30293.538746] =======
[30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_
[30293.558642] Read of size 8 at addr ffffb72e47233540 by task kworker/
[30293.566004]
[30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: G B O 5.1.0-rc1-
[30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019
[30293.586037] Workqueue: events_unbound async_run_entry_fn
[30293.591331] Call trace:
[30293.593770] dump_backtrace+
[30293.597419] show_stack+
[30293.600726] dump_stack+
[30293.604032] print_address_
[30293.608716] kasan_report+
[30293.612366] __asan_
[30293.615842] hisi_sas_
[30293.620961] hisi_sas_
[30293.625562] sas_ata_
[30293.629646] ata_do_
[30293.634160] ata_eh_
[30293.637897] ata_eh_
[30293.641804] ata_do_eh+0x50/0xd0
[30293.645020] ata_std_
[30293.649273] ata_scsi_
[30293.654216] async_sas_
[30293.658040] async_run_
[30293.662121] process_
[30293.666115] worker_
[30293.669762] kthread+0x1b0/0x1b8
[30293.672978] ret_from_
[30293.676541]
[30293.678027] Allocated by task 16690:
[30293.681593] __kasan_
[30293.686018] kasan_kmalloc+
[30293.689496] __kmalloc_
[30293.694270] devm_kmalloc+
[30293.697746] hisi_sas_
[30293.701828] local_pci_
[30293.705562] work_for_
[30293.709300] process_
[30293.713294] worker_
[30293.717027] kthread+0x1b0/0x1b8
[30293.720241] ret_from_
[30293.723801]
[30293.725287] Freed by task 16227:
[30293.728503] __kasan_
[30293.732583] kasan_slab_
[30293.736318] kfree+0x74/0x150
[30293.739276] devres_
[30293.742665] devres_
[30293.746313] devm_pinctrl_
[30293.750136] pinctrl_
[30293.754214] really_
[30293.757777] driver_
[30293.761944] __device_
[30293.766285] bus_for_
[30293.770194] __device_
[30293.774101] device_
[30293.778270] bus_probe_
[30293.782178] device_
[30293.785658] scsi_sysfs_
[30293.789825] scsi_probe_
[30293.794425] __scsi_
[30293.798591] scsi_scan_
[30293.802586] sas_rphy_
[30293.806234] sas_probe_
[30293.810313] sas_discover_
[30293.814567] process_
[30293.818560] worker_
[30293.822207] kthread+0x1b0/0x1b8
[30293.825423] ret_from_
[30293.828983]
[30293.830473] The buggy address belongs to the object at ffffb72e47233480
[30293.830473] which belongs to the cache kmalloc-256 of size 256
[30293.842934] The buggy address is located 192 bytes inside of
[30293.842934] 256-byte region [ffffb72e47233480, ffffb72e47233580)
[30293.854617] The buggy address belongs to the page:
[30293.859388] page:ffff7edcb9
[30293.867360] flags: 0xdfffe00000000
[30293.871533] raw: dfffe00000000200 ffff7edcb915ca48 ffff7edcb93fdc08 ffff972e5f000200
[Expected Results]
[Reproducibility]
[Additional information]
(Firmware version, kernel version, affected hardware, etc. if required):
[Resolution]
scsi: hisi_sas: Fix out of bound at debug_I_
Changed in linux (Ubuntu Eoan):
assignee: nobody → Ike Panhc (ikepanhc)
status: New → In Progress
Changed in linux (Ubuntu Disco):
assignee: nobody → Ike Panhc (ikepanhc)
status: New → In Progress
Changed in linux (Ubuntu Bionic):
assignee: nobody → Ike Panhc (ikepanhc)
status: New → In Progress
Changed in linux (Ubuntu Focal):
status: Incomplete → Fix Released
Changed in kunpeng920:
status: New → In Progress
description: updated
Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in kunpeng920:
status: In Progress → Fix Committed
Changed in kunpeng920:
status: Fix Committed → Fix Released
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1853992
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.