[PATCH] scsi: lpfc: Fix crash on PCI hotplug remove path

[PATCH] scsi: lpfc: Fix crash on PCI hotplug remove path

[Guilherme G. Piccoli]

During a PCI hotplug remove event we could have a NULL pointer
dereference on lpfc_sli_abort_iocb(), if pring is NULL. This
patch adds a check for this case and is able to circumvent the
failure and continue the hotplug remove process with success.

This issue was introduced after the driver refactor made on
commit 895427bd012c ("scsi: lpfc: NVME Initiator: Base modifications").

Fixes: 895427bd012c ("scsi: lpfc: NVME Initiator: Base modifications")
Reported-by: Naresh Bannoth <nbannoth@in.ibm.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
---
This patch was rebased against Martin's 4.12/scsi-fixes.

 drivers/scsi/lpfc/lpfc_sli.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index d6b184839bc2..134c60a66fb8 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -11003,9 +11003,13 @@ lpfc_sli_abort_iocb(struct lpfc_vport *vport, struct lpfc_sli_ring *pring,
 
 		/* Setup callback routine and issue the command. */
 		abtsiocb->iocb_cmpl = lpfc_sli_abort_fcp_cmpl;
-		ret_val = lpfc_sli_issue_iocb(phba, pring->ringno,
-					      abtsiocb, 0);
-		if (ret_val == IOCB_ERROR) {
+
+		/* In PCI hotplug remove path, pring might be NULL */
+		if (pring)
+			ret_val = lpfc_sli_issue_iocb(phba, pring->ringno,
+						      abtsiocb, 0);
+
+		if (!pring || ret_val == IOCB_ERROR) {
 			lpfc_sli_release_iocbq(phba, abtsiocb);
 			errcnt++;
 			continue;
-- 
2.12.0.rc0

Re: [PATCH] scsi: lpfc: Fix crash on PCI hotplug remove path

[Johannes Thumshirn]

On 05/28/2017 11:45 PM, Guilherme G. Piccoli wrote:
> During a PCI hotplug remove event we could have a NULL pointer
> dereference on lpfc_sli_abort_iocb(), if pring is NULL. This
> patch adds a check for this case and is able to circumvent the
> failure and continue the hotplug remove process with success.
> 
> This issue was introduced after the driver refactor made on
> commit 895427bd012c ("scsi: lpfc: NVME Initiator: Base modifications").
> 
> Fixes: 895427bd012c ("scsi: lpfc: NVME Initiator: Base modifications")
> Reported-by: Naresh Bannoth <nbannoth@in.ibm.com>
> Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
> ---

Looks good,
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>

-- 
Johannes Thumshirn                                          Storage
jthumshirn@suse.de                                +49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850

Re: [PATCH] scsi: lpfc: Fix crash on PCI hotplug remove path

[Raphael Philipe Mendes da Silva]

On Mon, May 29, 2017 at 09:56:09AM +0200, Johannes Thumshirn wrote:
> On 05/28/2017 11:45 PM, Guilherme G. Piccoli wrote:
> > During a PCI hotplug remove event we could have a NULL pointer
> > dereference on lpfc_sli_abort_iocb(), if pring is NULL. This
> > patch adds a check for this case and is able to circumvent the
> > failure and continue the hotplug remove process with success.
> > 
> > This issue was introduced after the driver refactor made on
> > commit 895427bd012c ("scsi: lpfc: NVME Initiator: Base modifications").
> > 
> > Fixes: 895427bd012c ("scsi: lpfc: NVME Initiator: Base modifications")
> > Reported-by: Naresh Bannoth <nbannoth@in.ibm.com>
> > Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
> > ---
> 
> Looks good,
> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>

Tested-by: Raphael Silva <raphasil@linux.vnet.ibm.com>

Re: [PATCH] scsi: lpfc: Fix crash on PCI hotplug remove path

[James Smart]

looks good

Signed-off-by: James Smart  <james.smart@broadcom.com>

-- james



On 5/28/2017 2:45 PM, Guilherme G. Piccoli wrote:
> During a PCI hotplug remove event we could have a NULL pointer
> dereference on lpfc_sli_abort_iocb(), if pring is NULL. This
> patch adds a check for this case and is able to circumvent the
> failure and continue the hotplug remove process with success.
>
> This issue was introduced after the driver refactor made on
> commit 895427bd012c ("scsi: lpfc: NVME Initiator: Base modifications").
>
> Fixes: 895427bd012c ("scsi: lpfc: NVME Initiator: Base modifications")
> Reported-by: Naresh Bannoth <nbannoth@in.ibm.com>
> Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
> ---
> This patch was rebased against Martin's 4.12/scsi-fixes.
>
>

Re: [PATCH] scsi: lpfc: Fix crash on PCI hotplug remove path

[James Smart]

Actually, I think we solved this in a better manner in this patch in the 
11.4.0.0 patch set:
   PATCH 10/15] lpfc: Fix crash on powering off BFS VM with passthrough 
device
   http://marc.info/?l=linux-scsi&m=149621070910290&w=2

See if the above patch fixes your error.

-- james



On 5/29/2017 4:11 PM, James Smart wrote:
> looks good
>
> Signed-off-by: James Smart  <james.smart@broadcom.com>
>
> -- james
>
>
>
> On 5/28/2017 2:45 PM, Guilherme G. Piccoli wrote:
>> During a PCI hotplug remove event we could have a NULL pointer
>> dereference on lpfc_sli_abort_iocb(), if pring is NULL. This
>> patch adds a check for this case and is able to circumvent the
>> failure and continue the hotplug remove process with success.
>>
>> This issue was introduced after the driver refactor made on
>> commit 895427bd012c ("scsi: lpfc: NVME Initiator: Base modifications").
>>
>> Fixes: 895427bd012c ("scsi: lpfc: NVME Initiator: Base modifications")
>> Reported-by: Naresh Bannoth <nbannoth@in.ibm.com>
>> Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
>> ---
>> This patch was rebased against Martin's 4.12/scsi-fixes.
>>
>>
>