From: Dan Carpenter <dan.carpenter@oracle.com>
To: james.smart@broadcom.com
Cc: linux-scsi@vger.kernel.org
Subject: [bug report] scsi: lpfc: Rework locations of ndlp reference taking
Date: Fri, 27 Nov 2020 12:54:50 +0300 [thread overview]
Message-ID: <20201127095450.GA10080@mwanda> (raw)
Hello James Smart,
This is a semi-automatic email about new static checker warnings.
The patch 4430f7fd09ec: "scsi: lpfc: Rework locations of ndlp
reference taking" from Nov 15, 2020, leads to the following Smatch
complaint:
drivers/scsi/lpfc/lpfc_els.c:2043 lpfc_cmpl_els_plogi()
error: we previously assumed 'ndlp' could be null (see line 1942)
drivers/scsi/lpfc/lpfc_els.c
1941 ndlp = lpfc_findnode_did(vport, irsp->un.elsreq64.remoteID);
1942 if (!ndlp) {
^^^^
1943 lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT,
1944 "0136 PLOGI completes to NPort x%x "
1945 "with no ndlp. Data: x%x x%x x%x\n",
1946 irsp->un.elsreq64.remoteID,
1947 irsp->ulpStatus, irsp->un.ulpWord[4],
1948 irsp->ulpIoTag);
1949 goto out;
^^^^^^^^
"ndlp" is NULL
1950 }
1951
1952 /* Since ndlp can be freed in the disc state machine, note if this node
1953 * is being used during discovery.
1954 */
1955 spin_lock_irq(&ndlp->lock);
1956 disc = (ndlp->nlp_flag & NLP_NPR_2B_DISC);
1957 ndlp->nlp_flag &= ~NLP_NPR_2B_DISC;
1958 spin_unlock_irq(&ndlp->lock);
1959
1960 /* PLOGI completes to NPort <nlp_DID> */
1961 lpfc_printf_vlog(vport, KERN_INFO, LOG_ELS,
1962 "0102 PLOGI completes to NPort x%06x "
1963 "Data: x%x x%x x%x x%x x%x\n",
1964 ndlp->nlp_DID, ndlp->nlp_fc4_type,
1965 irsp->ulpStatus, irsp->un.ulpWord[4],
1966 disc, vport->num_disc_nodes);
1967
1968 /* Check to see if link went down during discovery */
1969 if (lpfc_els_chk_latt(vport)) {
1970 spin_lock_irq(&ndlp->lock);
1971 ndlp->nlp_flag |= NLP_NPR_2B_DISC;
1972 spin_unlock_irq(&ndlp->lock);
1973 goto out;
1974 }
1975
1976 if (irsp->ulpStatus) {
1977 /* Check for retry */
1978 if (lpfc_els_retry(phba, cmdiocb, rspiocb)) {
1979 /* ELS command is being retried */
1980 if (disc) {
1981 spin_lock_irq(&ndlp->lock);
1982 ndlp->nlp_flag |= NLP_NPR_2B_DISC;
1983 spin_unlock_irq(&ndlp->lock);
1984 }
1985 goto out;
1986 }
1987 /* PLOGI failed Don't print the vport to vport rjts */
1988 if (irsp->ulpStatus != IOSTAT_LS_RJT ||
1989 (((irsp->un.ulpWord[4]) >> 16 != LSRJT_INVALID_CMD) &&
1990 ((irsp->un.ulpWord[4]) >> 16 != LSRJT_UNABLE_TPC)) ||
1991 (phba)->pport->cfg_log_verbose & LOG_ELS)
1992 lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT,
1993 "2753 PLOGI failure DID:%06X Status:x%x/x%x\n",
1994 ndlp->nlp_DID, irsp->ulpStatus,
1995 irsp->un.ulpWord[4]);
1996
1997 /* Do not call DSM for lpfc_els_abort'ed ELS cmds */
1998 if (lpfc_error_lost_link(irsp))
1999 goto check_plogi;
2000 else
2001 lpfc_disc_state_machine(vport, ndlp, cmdiocb,
2002 NLP_EVT_CMPL_PLOGI);
2003
2004 /* As long as this node is not registered with the scsi or nvme
2005 * transport, it is no longer an active node. Otherwise
2006 * devloss handles the final cleanup.
2007 */
2008 if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD))) {
2009 spin_lock_irq(&ndlp->lock);
2010 ndlp->nlp_flag &= ~NLP_NPR_2B_DISC;
2011 spin_unlock_irq(&ndlp->lock);
2012 lpfc_disc_state_machine(vport, ndlp, cmdiocb,
2013 NLP_EVT_DEVICE_RM);
2014 }
2015 } else {
2016 /* Good status, call state machine */
2017 prsp = list_entry(((struct lpfc_dmabuf *)
2018 cmdiocb->context2)->list.next,
2019 struct lpfc_dmabuf, list);
2020 ndlp = lpfc_plogi_confirm_nport(phba, prsp->virt, ndlp);
2021 lpfc_disc_state_machine(vport, ndlp, cmdiocb,
2022 NLP_EVT_CMPL_PLOGI);
2023 }
2024
2025 check_plogi:
2026 if (disc && vport->num_disc_nodes) {
2027 /* Check to see if there are more PLOGIs to be sent */
2028 lpfc_more_plogi(vport);
2029
2030 if (vport->num_disc_nodes == 0) {
2031 spin_lock_irq(shost->host_lock);
2032 vport->fc_flag &= ~FC_NDISC_ACTIVE;
2033 spin_unlock_irq(shost->host_lock);
2034
2035 lpfc_can_disctmo(vport);
2036 lpfc_end_rscn(vport);
2037 }
2038 }
2039
2040 out:
2041 lpfc_debugfs_disc_trc(vport, LPFC_DISC_TRC_NODE,
2042 "PLOGI Cmpl PUT: did:x%x refcnt %d",
2043 ndlp->nlp_DID, kref_read(&ndlp->kref), 0);
^^^^^^^^^^^^^ ^^^^^^^^^^^
Dereferenced here.
2044
2045 /* Release the reference on the original I/O request. */
regards,
dan carpenter
next reply other threads:[~2020-11-27 11:00 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-27 9:54 Dan Carpenter [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-11-15 14:13 [bug report] scsi: lpfc: Rework locations of ndlp reference taking Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201127095450.GA10080@mwanda \
--to=dan.carpenter@oracle.com \
--cc=james.smart@broadcom.com \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.