[PATCH 03/12] lpfc: Fix lpfc overwrite of sg_cnt field in nvmefc_tgt_fcp_req

All of lore.kernel.org
 help / color / mirror / Atom feed

From: James Smart <jsmart2021@gmail.com>
To: linux-scsi@vger.kernel.org
Cc: James Smart <jsmart2021@gmail.com>,
	Dick Kennedy <dick.kennedy@broadcom.com>
Subject: [PATCH 03/12] lpfc: Fix lpfc overwrite of sg_cnt field in nvmefc_tgt_fcp_req
Date: Sun, 22 Mar 2020 11:12:55 -0700	[thread overview]
Message-ID: <20200322181304.37655-4-jsmart2021@gmail.com> (raw)
In-Reply-To: <20200322181304.37655-1-jsmart2021@gmail.com>

In lpfc_nvmet_prep_fcp_wqe() the line "rsp->sg_cnt = 0" is modifying the
transport's data structure. This may result in the transport believing
the s/g list was already freed, thus may not unmap/free it properly.
Lpfc driver should not modity the transport data structure.

The zeroing of the sg_cnt is to avoid use of the transport's sgl in a
subsequent loop where the driver builds the necessary requests for the
adapter firmware to complete the IO.

Change LLDD to use a local copy of the transport sg_cnt when building
requests to be passed to the adapter fw.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
---
 drivers/scsi/lpfc/lpfc_nvmet.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/lpfc/lpfc_nvmet.c b/drivers/scsi/lpfc/lpfc_nvmet.c
index 9dc9afe1c255..ae89d1450912 100644
--- a/drivers/scsi/lpfc/lpfc_nvmet.c
+++ b/drivers/scsi/lpfc/lpfc_nvmet.c
@@ -2598,7 +2598,7 @@ lpfc_nvmet_prep_fcp_wqe(struct lpfc_hba *phba,
 	union lpfc_wqe128 *wqe;
 	struct ulp_bde64 *bde;
 	dma_addr_t physaddr;
-	int i, cnt;
+	int i, cnt, nsegs;
 	int do_pbde;
 	int xc = 1;
 
@@ -2629,6 +2629,7 @@ lpfc_nvmet_prep_fcp_wqe(struct lpfc_hba *phba,
 				phba->cfg_nvme_seg_cnt);
 		return NULL;
 	}
+	nsegs = rsp->sg_cnt;
 
 	tgtp = (struct lpfc_nvmet_tgtport *)phba->targetport->private;
 	nvmewqe = ctxp->wqeq;
@@ -2868,7 +2869,7 @@ lpfc_nvmet_prep_fcp_wqe(struct lpfc_hba *phba,
 		wqe->fcp_trsp.rsvd_12_15[0] = 0;
 
 		/* Use rspbuf, NOT sg list */
-		rsp->sg_cnt = 0;
+		nsegs = 0;
 		sgl->word2 = 0;
 		atomic_inc(&tgtp->xmt_fcp_rsp);
 		break;
@@ -2885,7 +2886,7 @@ lpfc_nvmet_prep_fcp_wqe(struct lpfc_hba *phba,
 	nvmewqe->drvrTimeout = (phba->fc_ratov * 3) + LPFC_DRVR_TIMEOUT;
 	nvmewqe->context1 = ndlp;
 
-	for_each_sg(rsp->sg, sgel, rsp->sg_cnt, i) {
+	for_each_sg(rsp->sg, sgel, nsegs, i) {
 		physaddr = sg_dma_address(sgel);
 		cnt = sg_dma_len(sgel);
 		sgl->addr_hi = putPaddrHigh(physaddr);
-- 
2.16.4

next prev parent reply	other threads:[~2020-03-22 18:13 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-22 18:12 [PATCH 00/12] lpfc: Update lpfc to revision 12.8.0.0 James Smart
2020-03-22 18:12 ` [PATCH 01/12] lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login James Smart
2020-03-22 18:12 ` [PATCH 02/12] lpfc: Fix lockdep error - register non-static key James Smart
2020-03-22 18:12 ` James Smart [this message]
2020-03-22 18:12 ` [PATCH 04/12] lpfc: Fix scsi host template for SLI3 vports James Smart
2020-03-22 18:12 ` [PATCH 05/12] lpfc: Fix crash after handling a pci error James Smart
2020-03-22 18:12 ` [PATCH 06/12] lpfc: Fix update of wq consumer index in lpfc_sli4_wq_release James Smart
2020-03-22 18:12 ` [PATCH 07/12] lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG James Smart
2020-03-22 18:13 ` [PATCH 08/12] lpfc: Fix erroneous cpu limit of 128 on I/O statistics James Smart
2020-03-22 18:13 ` [PATCH 09/12] lpfc: Change default SCSI LUN QD to 64 James Smart
2020-03-23 11:05   ` Daniel Wagner
2020-03-23 16:18     ` James Smart
2020-03-22 18:13 ` [PATCH 10/12] lpfc: Make debugfs ktime stats generic for NVME and SCSI James Smart
2020-03-22 18:13 ` [PATCH 11/12] lpfc: Remove prototype FIPS/DSS options from SLI-3 James Smart
2020-03-22 18:13 ` [PATCH 12/12] lpfc: Update lpfc version to 12.8.0.0 James Smart
2020-03-27  3:17 ` [PATCH 00/12] lpfc: Update lpfc to revision 12.8.0.0 Martin K. Petersen

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9dc9afe1c25 dfblob:ae89d145091 )
 OR (
bs:"[PATCH 03/12] lpfc: Fix lpfc overwrite of sg_cnt field in nvmefc_tgt_fcp_req" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200322181304.37655-4-jsmart2021@gmail.com \
    --to=jsmart2021@gmail.com \
    --cc=dick.kennedy@broadcom.com \
    --cc=linux-scsi@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.