From: sashiko-bot@kernel.org
To: "Tyrel Datwyler" <tyreld@linux.ibm.com>
Cc: linux-scsi@vger.kernel.org
Subject: Re: [PATCH 19/29] ibmvfc: implement NVMe/FC stubs for local/remote port registration
Date: Tue, 23 Jun 2026 01:51:01 +0000 [thread overview]
Message-ID: <20260623015101.EBCBF1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260623013035.3436640-20-tyreld@linux.ibm.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Unconditional NULL pointer dereference in NVMe-FC local and remote port unregistration paths.
--
commit 70b1c2d3d0ca257b156db2ba118e3a6f944e519d
Author: Tyrel Datwyler <tyreld@linux.ibm.com>
ibmvfc: implement NVMe/FC stubs for local/remote port registration
Implement the initial NVMe/FC local-port and remote-port registration
functions that notify the NVMe-FC midlayr of port discovery and loss.
> diff --git a/drivers/scsi/ibmvscsi/ibmvfc-nvme.c b/drivers/scsi/ibmvscsi/ibmvfc-nvme.c
> index 4a66cde8a8d20..202e8d0b00813 100644
> --- a/drivers/scsi/ibmvscsi/ibmvfc-nvme.c
> +++ b/drivers/scsi/ibmvscsi/ibmvfc-nvme.c
> @@ -14,10 +14,18 @@
>
> static void ibmvfc_nvme_localport_delete(struct nvme_fc_local_port *lport)
> {
> + struct ibmvfc_host *vhost = lport->private;
> +
> + vhost->nvme_local_port = NULL;
> + complete(&vhost->nvme_delete_done);
> }
>
> static void ibmvfc_nvme_remoteport_delete(struct nvme_fc_remote_port *rport)
> {
> + struct ibmvfc_target *tgt = rport->private;
> +
> + tgt->nvme_remote_port = NULL;
> + complete(&tgt->nvme_delete_done);
> }
[ ... ]
> @@ -70,18 +78,85 @@ static struct nvme_fc_port_template ibmvfc_nvme_fc_transport = {
>
> int ibmvfc_nvme_register_remoteport(struct ibmvfc_target *tgt)
> {
[ ... ]
> void ibmvfc_nvme_unregister_remoteport(struct ibmvfc_target *tgt)
> {
> + struct ibmvfc_host *vhost = tgt->vhost;
> + struct nvme_fc_remote_port *rport = tgt->nvme_remote_port;
> + int rc;
> +
> + if (!tgt->nvme_remote_port)
> + return;
> +
> + ibmvfc_log(vhost, 2, "unregister_remoteport: traddr=nn-0x%llx:pn-0x%llx PortID:%x\n",
> + rport->node_name, rport->port_name, rport->port_id);
> + init_completion(&tgt->nvme_delete_done);
> + rc = nvme_fc_unregister_remoteport(tgt->nvme_remote_port);
> +
> + if (!rc) {
> + wait_for_completion(&tgt->nvme_delete_done);
> + tgt->nvme_remote_port->private = NULL;
[Severity: High]
Does this code unconditionally dereference a NULL pointer?
When nvme_fc_unregister_remoteport() finishes, the asynchronous delete
callback ibmvfc_nvme_remoteport_delete() is called. This callback executes:
tgt->nvme_remote_port = NULL;
complete(&tgt->nvme_delete_done);
After waking up from wait_for_completion(), tgt->nvme_remote_port will
always be NULL, meaning the access to tgt->nvme_remote_port->private will
cause a kernel panic.
> + }
> }
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260623013035.3436640-1-tyreld@linux.ibm.com?part=19
next prev parent reply other threads:[~2026-06-23 1:51 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-23 1:30 [PATCH 00/29] ibmvfc: Add NVMe-FC support Tyrel Datwyler
2026-06-23 1:30 ` [PATCH 01/29] ibmvfc: move target list from host to protocol specific channel groups Tyrel Datwyler
2026-06-23 1:49 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 02/29] ibmvfc: add NVMe/FC protocol interface definitions Tyrel Datwyler
2026-06-23 1:54 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 03/29] ibmvfc: split NVMe support into separate source file and add transport stubs Tyrel Datwyler
2026-06-23 1:50 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 04/29] ibmvfc: initialize NVMe channel configuration during driver probe Tyrel Datwyler
2026-06-23 1:51 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 05/29] ibmvfc: alloc/dealloc sub-queues for nvme channels Tyrel Datwyler
2026-06-23 1:55 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 06/29] ibmvfc: add logic for protocol specific fabric logins Tyrel Datwyler
2026-06-23 1:50 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 07/29] ibmvfc: add wrapper to get vhost associated with a channel struct Tyrel Datwyler
2026-06-23 1:30 ` [PATCH 08/29] ibmvfc: add helper for creating protocol specific discovery event Tyrel Datwyler
2026-06-23 1:30 ` [PATCH 09/29] ibmvfc: add helper to check NVMe/FC support with active channels Tyrel Datwyler
2026-06-23 1:30 ` [PATCH 10/29] ibmvfc: allocate and free NVMe channel group discover buffer Tyrel Datwyler
2026-06-23 1:30 ` [PATCH 11/29] ibmvfc: send NVMe target discovery MAD Tyrel Datwyler
2026-06-23 1:52 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 12/29] ibmvfc: add NVMe/FC Implicit Logout and Move Login support Tyrel Datwyler
2026-06-23 1:49 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 13/29] ibmvfc: add NVMe/FC Port " Tyrel Datwyler
2026-06-23 1:53 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 14/29] ibmvfc: add NVMe/FC Process " Tyrel Datwyler
2026-06-23 1:52 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 15/29] ibmvfc: add NVMe/FC Query Target support Tyrel Datwyler
2026-06-23 1:52 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 16/29] ibmvfc: allocate targets based on protocol Tyrel Datwyler
2026-06-23 1:56 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 17/29] ibmvfc: delete NVMe/FC targets as well as SCSI Tyrel Datwyler
2026-06-23 1:51 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 18/29] ibmvfc: update state machine to process NVMe/FC targets Tyrel Datwyler
2026-06-23 1:55 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 19/29] ibmvfc: implement NVMe/FC stubs for local/remote port registration Tyrel Datwyler
2026-06-23 1:51 ` sashiko-bot [this message]
2026-06-23 1:30 ` [PATCH 20/29] ibmvfc: register local nvme fc port after fabric login Tyrel Datwyler
2026-06-23 1:57 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 21/29] ibmvfc: process NVMe/FC rports in work thread Tyrel Datwyler
2026-06-23 2:00 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 22/29] ibmvfc: extend ibmvfc_debug visibility to ibmvfc-nvme.h Tyrel Datwyler
2026-06-23 1:51 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 23/29] ibmvfc: declare global function definitions Tyrel Datwyler
2026-06-23 2:04 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 24/29] ibmvfc: implement LLDD callbacks for mapping nvme-fc queues Tyrel Datwyler
2026-06-23 2:05 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 25/29] ibmvfc: implement nvme-fc LS submission transport callback Tyrel Datwyler
2026-06-23 2:08 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 26/29] ibmvfc: implement nvme-fc IO command submission callback Tyrel Datwyler
2026-06-23 2:09 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 27/29] ibmvfc: implement nvme-fc LS abort handling callback Tyrel Datwyler
2026-06-23 2:09 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 28/29] ibmvfc: implement nvme-fc FCP abort callback Tyrel Datwyler
2026-06-23 2:05 ` sashiko-bot
2026-06-23 1:30 ` [PATCH 29/29] ibmvfc: fail nvme-fc fcp-io and ls requests during transport reset Tyrel Datwyler
2026-06-23 2:04 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260623015101.EBCBF1F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
--cc=tyreld@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox