From: Mike Christie <michaelc@cs.wisc.edu>
To: Ravi Anand <ravi.anand@qlogic.com>
Cc: James Bottomley <james.bottomley@suse.de>,
Linux-SCSI Mailing List <linux-scsi@vger.kernel.org>,
Vikas Chaudhary <vikas.chaudhary@qlogic.com>,
Karen Higgins <karen.higgins@qlogic.com>
Subject: Re: [PATCH 06/12] qla4xxx: fixed NULL pointer dereference in eh_device_reset
Date: Tue, 06 Apr 2010 23:18:44 -0500 [thread overview]
Message-ID: <4BBC07A4.6060207@cs.wisc.edu> (raw)
In-Reply-To: <4BBC01F9.7090409@cs.wisc.edu>
On 04/06/2010 10:54 PM, Mike Christie wrote:
> On 04/06/2010 05:14 AM, Ravi Anand wrote:
>> From: Vikas Chaudhary<vikas.chaudhary@qlogic.com>
>>
>> Created variables to reference h, b, t, l, because if
>> scsi passthru command completes within eh_device_reset,
>> the cmd structure may no longer be valid.
>
>
>> @@ -1587,16 +1587,34 @@ static int qla4xxx_eh_wait_for_commands(struct
>> scsi_qla_host *ha,
>> **/
>> static int qla4xxx_eh_device_reset(struct scsi_cmnd *cmd)
>> {
>> - struct scsi_qla_host *ha = to_qla_host(cmd->device->host);
>> - struct ddb_entry *ddb_entry = cmd->device->hostdata;
>> + struct scsi_qla_host *ha;
>> + struct ddb_entry *ddb_entry;
>> int ret = FAILED, stat;
>> + struct Scsi_Host *h;
>> + unsigned int b, t, l;
>> +
>> + if (cmd == NULL) {
>> + DEBUG2(printk(KERN_INFO "%s: **** SCSI mid-layer passing in"
>> + " NULL cmd DEVICE RESET - cmd already"
>> + " completed.\n", __func__));
>> + return SUCCESS;
>> + }
>>
>> - if (!ddb_entry)
>> - return ret;
>> + h = cmd->device->host;
>> + b = cmd->device->channel;
>> + t = cmd->device->id;
>> + l = cmd->device->lun;
>> + ha = to_qla_host(h);
>> + ddb_entry = cmd->device->hostdata;
>
>
> Could it complete normally while you are accessing the cmd above still?
Actually, I do not think it matters. For pass through did you mean
scsi_reset_provider? If so the scmd passed to you for the
scsi_reset_provider code path is allocated by scsi_reset_provider, so it
is fine. For the normal code path (the scsi_unjam_host path), the scsi
completion code is supposed to prevent the scsi cmd from getting
completed when that code is running. If it is not then I think we are
going to have other problems.
prev parent reply other threads:[~2010-04-07 4:14 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-06 10:14 [PATCH 06/12] qla4xxx: fixed NULL pointer dereference in eh_device_reset Ravi Anand
2010-04-07 3:54 ` Mike Christie
2010-04-07 4:18 ` Mike Christie [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BBC07A4.6060207@cs.wisc.edu \
--to=michaelc@cs.wisc.edu \
--cc=james.bottomley@suse.de \
--cc=karen.higgins@qlogic.com \
--cc=linux-scsi@vger.kernel.org \
--cc=ravi.anand@qlogic.com \
--cc=vikas.chaudhary@qlogic.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.