[PATCH] mpt3sas: add NULL check in _base_fault_reset_work()

[PATCH] mpt3sas: add NULL check in _base_fault_reset_work()

[Sven Schnelle]

My HP C8000 (an PA-RISC based system) crashed with an HPMC. That
triggered the HPMC handler in the kernel, and i got a crash in
_base_fault_reset_work() from mpt3sas. It looks like this function
calls ioc->schedule_dead_ioc_flush_running_cmds() without checking
whether there's actually a function set, so it dereferences a NULL
pointer on that system. The c8000 actually uses the mptspi driver
instead of mpt3sas which doesn't seem to set this handler.

Signed-off-by: Sven Schnelle <svens@stackframe.org>
---
Disclaimer: I have no idea about the inner workings of the MPT Fusion drivers.
So this might be completely wrong.

 drivers/message/fusion/mptbase.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c
index 7f7abc9069f7..38f5aa43b457 100644
--- a/drivers/message/fusion/mptbase.c
+++ b/drivers/message/fusion/mptbase.c
@@ -381,7 +381,8 @@ mpt_fault_reset_work(struct work_struct *work)
 		 * since dead ioc will never return any command back from HW.
 		 */
 		hd = shost_priv(ioc->sh);
-		ioc->schedule_dead_ioc_flush_running_cmds(hd);
+		if (ioc->schedule_dead_ioc_flush_running_cmds)
+			ioc->schedule_dead_ioc_flush_running_cmds(hd);
 
 		/*Remove the Dead Host */
 		p = kthread_run(mpt_remove_dead_ioc_func, ioc,
-- 
2.33.0

Re: [PATCH] mpt3sas: add NULL check in _base_fault_reset_work()

[Martin K. Petersen]

Sven,

> My HP C8000 (an PA-RISC based system) crashed with an HPMC. That
> triggered the HPMC handler in the kernel, and i got a crash in
> _base_fault_reset_work() from mpt3sas. It looks like this function
> calls ioc->schedule_dead_ioc_flush_running_cmds() without checking
> whether there's actually a function set, so it dereferences a NULL
> pointer on that system. The c8000 actually uses the mptspi driver
> instead of mpt3sas which doesn't seem to set this handler.

I'm not sure how you end up in the mpt3sas driver if your system uses
mptspi!?

Can you please send us the HPMC and the output of lspci?

Thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering

Re: [PATCH] mpt3sas: add NULL check in _base_fault_reset_work()

[Sven Schnelle]

Hi Martin,

"Martin K. Petersen" <martin.petersen@oracle.com> writes:

>> My HP C8000 (an PA-RISC based system) crashed with an HPMC. That
>> triggered the HPMC handler in the kernel, and i got a crash in
>> _base_fault_reset_work() from mpt3sas. It looks like this function
>> calls ioc->schedule_dead_ioc_flush_running_cmds() without checking
>> whether there's actually a function set, so it dereferences a NULL
>> pointer on that system. The c8000 actually uses the mptspi driver
>> instead of mpt3sas which doesn't seem to set this handler.
>
> I'm not sure how you end up in the mpt3sas driver if your system uses
> mptspi!?
>
> Can you please send us the HPMC and the output of lspci?

It doesn't end up in mpt3sas, i was just confused because
schedule_dead_ioc_flush_running_cmds() exist also there. If you look at
the diff, you see that i patched the mptspi driver. So the description
is just wrong, sorry.

I'll try to see whether i can reproduce it once more, but the question
still is whether the if () check is okay, or whether that needs more
work (i.e., a handler for that)

Regards
Sven